ABSTRACT

Although many endpoint security mechanisms have been built and layered on top of one another, numerous attacks still reach their targets, so a profile of network attacks has to be maintained. Even where studies uncover the malicious nature of an attack, that malicious intent is carried in many different forms. Sometimes network administrators do not even know that an attack has occurred from inside the network, because the volume of data traffic is too heavy; if they want to analyze those packets, administrators must be present to do so. Existing mechanisms protect networks by considering source and destination IP addresses and source and destination port numbers. A transparent analysis of the packets themselves, on the other hand, helps in detecting an attack. In our project we use YARA, a tool primarily used in malware research and detection, for robust rule-based detection to hunt for packets injected into the network to cause an attack. To detect and analyze packets on the go, we propose an automated system in which both packet capture and the analysis of the captured packets with YARA are performed. This mode of operation introduces a new endpoint mechanism in which the network pcap files are run through the YARA rules to detect and identify what the network traffic may constitute, and the results are sent as alerts to the network administrator through a mailing service so that the administrator can take precise action to secure the network.
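The pipeline the abstract outlines (capture to pcap, run the packets through rules, mail the hits to the administrator), as an added example that is not the paper's code: a pure-Python pcap decoder feeds a toy rule written in the shape of a YARA strings/condition pair, over a constructed three-packet capture. The IP addresses, the rule name and the signature strings are assumptions standing in for live capture and real compiled YARA rules; the alert mail is built with the standard library's EmailMessage and returned rather than sent.

```python
# Added example (not the paper's code): pcap -> rule scan -> alert mail.
# Sample packets, addresses and the rule are constructed for illustration.
import socket
import struct
from dataclasses import dataclass
from email.message import EmailMessage


@dataclass
class Packet:
    ts: int
    src: str
    dst: str
    proto: int          # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    payload: bytes


@dataclass
class Alert:
    rule: str
    packet: Packet
    matched: list


# Hypothetical rule in the shape of a YARA strings/condition pair. A real
# deployment would compile actual .yar files with the yara library instead.
RULES = {
    "Example_Suspicious_Payload": {
        "strings": [b"TEST-SIGNATURE-A", b"TEST-SIGNATURE-B"],
        "condition": "any",       # "any" or "all" of the strings
    },
}


def parse_frame(ts, frame):
    """Decode Ethernet/IPv4/{TCP,UDP}; return None for anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:total_len]
    if proto == 17 and len(l4) >= 8:
        payload = l4[8:]                          # fixed 8-byte UDP header
    elif proto == 6 and len(l4) >= 20:
        payload = l4[(l4[12] >> 4) * 4:]          # TCP data offset in words
    else:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return Packet(ts, src, dst, proto, sport, dport, payload)


def iter_packets(pcap_bytes):
    """Walk a classic pcap file (Ethernet link type) and yield Packets."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        off += 16
        pkt = parse_frame(ts_sec, pcap_bytes[off:off + incl_len])
        off += incl_len
        if pkt is not None:
            yield pkt


def scan_pcap(pcap_bytes, rules=RULES):
    """Apply every rule to every packet payload; one Alert per (rule, packet) hit."""
    alerts = []
    for pkt in iter_packets(pcap_bytes):
        for name, rule in rules.items():
            hits = [s for s in rule["strings"] if s in pkt.payload]
            needed = len(rule["strings"]) if rule["condition"] == "all" else 1
            if hits and len(hits) >= needed:
                alerts.append(Alert(name, pkt, hits))
    return alerts


def build_alert_mail(alerts, to_addr="netadmin@example.invalid"):
    """Summarise hits as an e-mail; a deployment would pass it to smtplib."""
    msg = EmailMessage()
    msg["Subject"] = f"[pcap-scan] {len(alerts)} rule hit(s)"
    msg["From"], msg["To"] = "scanner@example.invalid", to_addr
    msg.set_content("\n".join(
        f"ts={a.packet.ts} {a.packet.src}:{a.packet.sport} -> {a.packet.dst}:{a.packet.dport} "
        f"proto={a.packet.proto} rule={a.rule} strings={a.matched}" for a in alerts) or "no hits")
    return msg


# --- constructed capture (checksums left zero; enough for the decoder above) ---
def _ipv4(src, dst, proto, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + hdr + l4


def udp_frame(src, dst, sport, dport, payload):
    return _ipv4(src, dst, 17, struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload)


def tcp_frame(src, dst, sport, dport, payload):
    return _ipv4(src, dst, 6, struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload)


def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    udp_frame("10.0.0.5", "10.0.0.53", 40000, 53, b"\x12\x34\x01\x00benign-query"),
    udp_frame("10.0.0.7", "198.51.100.9", 40001, 8080, b"hello TEST-SIGNATURE-A"),
    tcp_frame("10.0.0.9", "203.0.113.4", 50000, 443, b"x" * 8 + b"TEST-SIGNATURE-B"),
])

if __name__ == "__main__":
    print(build_alert_mail(scan_pcap(SAMPLE_PCAP)))
```

Matching on reassembled payloads rather than single frames is the obvious next step: a signature split across two TCP segments is missed by a per-packet scan like this one, which is why the paper's pcap-based approach benefits from scanning whole captured files rather than isolated packets.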