Volume 2, Issue 09, Sep 2024, International Journal of Modern Science and Research Technology

ISSN No- 2584-2706

Impact of Cyber Security on Network Traffic


Gabriel Tosin Ayodele
Faculty of Engineering and Informatics, University of Bradford,
Bradford West Yorkshire,
United Kingdom.

Abstract
The importance of cybersecurity in safeguarding network traffic is crucial in our increasingly interconnected world. Our research investigates the significant impact of cybersecurity on network performance and integrity, revealing that various security protocols influence the dynamic nature of network traffic in the face of cyber threats. Using data from Kaggle, we conducted an analysis of suspicious activity patterns over time, the contribution of different network protocols, and the involvement of specific IP addresses in attacks. Our findings highlight that cybersecurity incidents notably alter traffic patterns, with peaks often coinciding with increased threat levels. Certain network protocols, such as ICMP and TCP, were identified as key factors influencing traffic and vulnerabilities. In particular, there was a high frequency of attacks targeting Windows devices, emphasizing the need for specialized security measures.
In the current era, characterized by advancing technologies like IoT and cloud computing, striking a balance between security and performance is a significant concern due to the expanded attack surface. These results provide valuable insights for developing adaptive and resilient network infrastructures capable of withstanding the evolving landscape of cyber threats.

Keywords
Cybersecurity, Network Traffic, Cyber Threats, Data Integrity, Network Protocols, IP Addresses, Cybersecurity Measures, Real-Time Monitoring, Anomaly Detection, Emerging Technologies.

A. Introduction
In today's interconnected world, the reliance on digital networks for communication, commerce, and vital infrastructure has significantly increased. This growing reliance has also emphasized the importance of robust cybersecurity to safeguard sensitive data and ensure uninterrupted operation of network systems [1]. Cybersecurity encompasses all practices and protocols aimed at preventing unauthorized access or cyber-attacks on networks, devices, or information. Meanwhile, network traffic encompasses all data transmitted across a network, including activities like web browsing, file transfers, and video streaming. This is crucial for enabling effective communication between devices. Cybersecurity plays a central role in protecting network traffic from various threats, such as malicious attacks, unauthorized system access, and potential compromise of personal or national security, which can greatly impact someone's financial standing and reputation [2]. The impact of cybersecurity on network traffic runs deep and is complex. Because of this, it is essential to have effective security protocols and mechanisms in place to detect, prevent, and mitigate cyber threats targeting the network infrastructure [20]. Cyberattacks like Distributed Denial of Service (DDoS), Man-in-the-Middle (MitM), phishing, and ransomware take advantage of weaknesses in network systems, leading to disruption of normal data flow and posing risks to its confidentiality and integrity [3]. Due to their ever-changing nature, these threats require continuous monitoring and adaptive security strategies to uphold the resilience and dependability of network communications.

Furthermore, the implementation of advanced cybersecurity measures impacts the network's performance and effectiveness. Techniques for safeguarding data transmission, such as encryption, Intrusion Detection Systems (IDS), and firewalls, are essential, but they can introduce latency and complexity to network operations [4]. Balancing security and performance to ensure a secure yet efficient network service is an ongoing challenge for organizations.

IJMSRT24SEP038 www.ijmsrt.com 264

The introduction of
new technologies like the Internet of Things (IoT) and cloud computing has expanded the attack surface, increased vulnerabilities, and added complexity to the management of secure network traffic.

The study's purpose is to examine the intricate connections between cyber security and network traffic, analyzing various threats and security performance metrics to safeguard network integrity. Using a dataset sourced from Kaggle, the research aims to identify effective methodologies and technologies for network protection while maintaining operational efficiency. It is crucial to gain a deeper understanding of these dynamics to develop robust network systems capable of withstanding and adapting to the constantly evolving landscape of cyber-attacks.

B. Literature Review
The review covers important elements of cybersecurity, including strategies and tools designed to protect valuable information. It also addresses other challenges posed by cybercriminals, such as malware infections and phishing schemes, as well as crucial elements like antivirus software, firewalls, and encryption. Furthermore, it explores the ways in which AI has enhanced network security by offering advanced traffic analysis.

C. Cybersecurity
The concept of cybersecurity encompasses a wide array of methods, strategies, and procedures designed to safeguard data, networks, software, and devices from unauthorized access and attacks [5][6]–[10]. Large volumes of data are often gathered and stored on computers or similar devices by financial institutions and government entities [7][11][12]. Additionally, internet usage plays a crucial role in the operations of sectors like the military and healthcare [7][11][12]. Within these systems, valuable and sensitive items, such as personal identification records, financial documents, and intellectual property, are frequently stored, necessitating the implementation of strict access controls due to the severe repercussions of unauthorized access [11][12]. Consequently, these organizations must implement cybersecurity measures [11]–[14] to mitigate potential risks.

During business transactions, devices exchange sensitive information over networks, making data protection essential at every stage of its life cycle [15]–[18]. Organizations responsible for managing financial records, health care information, and national security data are significantly obligated to implement highly stringent measures to safeguard their sensitive business and personnel records from increasingly sophisticated and frequent cyber-attacks [15][16][17][18]. A solid cyber security policy will effectively incorporate security mechanisms to thwart malicious attacks that seek to access, alter, or delete sensitive information or disrupt systems [19][20][21]. Additionally, cyber security measures can also act as a defense against attacks that could cripple or disrupt devices and systems [19].

D. Cybercriminals
The term cybercrime refers to any criminal activities carried out using computers, connected devices, or networks [22]–[26]. Most cybercrimes are motivated by personal gain, while others aim to disrupt systems or hinder productivity. Examples include using a computer or network to spread malware or distribute explicit content online [22]–[26]. The Council of Europe Convention on Cybercrime covers a wide range of malicious activities, such as illegal data interception, copyright infringement, and compromising network integrity and availability through system intrusions [27][28]. The United States, along with other countries, will be signing this convention [27][28].

Due to the availability of reliable internet connections, criminals find it simpler to engage in cybercrimes without needing to be physically present [29]. Examples of these offenses include fraud, money laundering, cyberbullying, and cyberstalking, all facilitated by the speed and convenience of the internet [15][19][28][29]. This type of crime may be committed by individuals or organized global criminal groups with advanced technical skills. Additionally, cybercriminals often reside in regions with inadequate laws against such activities, allowing them to operate without detection or arrest [30][31].

E. Cyber Attacks
A cyber attack is a deliberate and sophisticated attempt by an individual or organization to disrupt other people's computer systems [32]. While many
attacks are motivated by financial gain, some seek to delete, alter, or destroy data [5][7][31][32]. Cyber-attacks are now more common. According to the Cisco Annual Cybersecurity Report, attackers can now launch their campaigns using network-based ransomware worms without human intervention [33]. Additionally, security incidents have become both more frequent and more complex [33]. According to the former CEO of Cisco, businesses can be divided into those that have already been hacked and those that are still unaware of any hacking activity [34].

Figure 1: Primary Motivations Behind Cyber-Attacks.

The indications of malicious attacks on computer systems can be observed in six main ways: malware, phishing, denial of service (DoS), man-in-the-middle (MitM), password spraying, and cross-site scripting (XSS) [32]–[41]. The following provides a brief description of each type:

1) Malware: Malware consists of damaging software or code designed to compromise the confidentiality, integrity, or availability of information [42]. It encompasses various types such as Trojans, viruses, worms, spyware, and ransomware [32][35][42].
• Trojans: Trojans masquerade as legitimate software, tricking users into easily installing them and providing cybercriminals an opportunity to steal data [35][43].
• Viruses: Viruses replicate themselves and spread through systems, infecting files or attaching themselves to executable code [32][43][44].
• Worms: Worms are self-replicating applications that travel through networks, leading to denial-of-service attacks [35][43][45].
• Spyware: Spyware gathers information about the user, including browsing behaviors and personal information, often sent back to attackers [32][35][43][46].
• Ransomware: Ransomware is a type of malware that restricts user access until payment is made, usually by encrypting the victim's documents and holding them hostage [32][35][47][48].

Figure 2: Correlation Between Attackers' Technical Expertise and the Complexity of Attacks.

2) Phishing: Phishing involves sending fake emails that appear genuine, directing recipients to malicious websites or files where attackers can steal sensitive data like logins, credentials, and financial information from their targets.
3) Denial of Service (DoS) and Distributed Denial of Service (DDoS): DoS and DDoS attacks overwhelm systems with traffic, rendering them unable to respond to legitimate requests. DDoS attacks, in particular, are challenging to prevent as they involve multiple computers simultaneously.
4) Man-in-the-Middle (MitM): In a MitM attack, hackers intercept communication between clients and servers by impersonating either party, gaining access to sensitive information.
5) Brute-force and Password Spraying: Brute-force attacks involve repeatedly guessing passwords until one is successful, while password spraying involves bypassing lockout protocols by trying common passwords across multiple accounts.
6) Cross-site Scripting (XSS): XSS exploits vulnerabilities in web applications, allowing hackers to inject malicious code into websites to collect user data without their consent.

F. Cybersecurity Tools and Techniques in Network Security and Traffic Analysis
Unauthorized attempts to access confidential information have significantly increased in the current scenario. These attempts often involve stealing data or manipulating sensitive information to influence users. This growing threat emphasizes the crucial need for prioritizing cybersecurity measures [5][6][7][8][9]. Internet security can be achieved using antivirus programs, firewalls, authentication methods, encryption technologies, and digital signatures, each of which will be discussed below.
• Anti-Virus: An undesirable program that executes commands without user approval is known as a computer virus. The primary functions of an anti-virus tool are to prevent virus installations and to scan systems for potential viruses [7][49]. While Windows operating systems are the primary targets for viruses due to their widespread usage, some viruses also target Apple and Linux platforms [49][50].
• Firewall: Firewalls act as barriers against hackers attempting to infiltrate a system through internet or other network connections [57][58]. Most operating systems come with built-in firewalls that are typically activated by default. However, users can opt to install additional commercial firewalls if the default ones do not offer sufficient protection or disrupt legitimate network activities [57][58].
• Authentication: Verifying credentials is a crucial cybersecurity concept aimed at ensuring that users' identities match the information in the system's security domain [59]. Passwords are a primary authentication tool, and other methods such as SIM cards with unique ID numbers are also utilized. During the authentication process, these numbers are transmitted over a secure line [59]–[60]. However, intercepting passwords through unprotected channels is a significant challenge, which can be addressed by implementing encrypted techniques [59]–[60].
• Encryption: Encryption involves converting data into an unreadable format to ensure that only authorized individuals can access it using the correct keys. Breaking into encrypted information typically involves solving complex mathematical tasks such as factoring large primes, which requires a considerable amount of time and resources [61][62]. There are two main types of cryptographic standards: symmetric and asymmetric. Symmetric encryption relies on a single key for both encoding and decoding, while the asymmetric method uses public/private keys. Furthermore, modern security protocols often utilize asymmetric encryption to securely distribute keys [61].
• Digital Signatures: The same mathematical principles underpin digital signatures and asymmetric encryption [63]. Users can verify their ownership of a specific private key by using encoded information. The user's public key is used for decryption and verification of their credentials. This process utilizes public key encryption and rests on the assumption that only the authorized user has access to the private key [63][64].
• AI-Driven Network Traffic Analysis: AI-powered analysis of network traffic has revolutionized the monitoring and analysis of network activity. Specifically, deep learning models have automated the detection of abnormalities and security threats within network traffic. These systems facilitate the classification and monitoring of traffic patterns, as well as the detection of anomalies and the enhancement of intrusion detection, among other functions. Within these networks, deep learning models such as CNNs or RNNs have demonstrated significant potential in identifying malicious traffic across intricate networks. This technique plays a crucial role in ensuring robust network security.

G. Methodology
The research provided an analysis of the impact of computer security breaches on network communications through data preparation and visual exploration. Specifically, the data was cleansed and structured to facilitate an investigation aimed at distinguishing between normal and malicious traffic. Utilizing Plotly, interactive visualizations were generated, aiding
in the identification of patterns, anomalies, and threat assessments. This approach allowed for a comprehensive understanding of network activities during cyberattacks.

H. Dataset
The study utilizes a dataset obtained from Kaggle, containing 40000 rows and 25 columns. It comprises network traffic data such as timestamps, source and destination IP addresses, and various traffic-related components. This dataset encompasses diverse types of network activities and potential security events, including network intrusions, anomalies, and attack patterns.

Figure 3: Dataset Overview

I. Data Preprocessing
To ensure the dataset was clean and suitable for analysis, the following preprocessing steps were performed:
• Handling Missing Values: Any rows with missing or null values were removed to prevent inaccuracies in the analysis.

Figure 4: Code Snippet for Handling Missing Values

• Data Type Conversion: The timestamp column was converted into a standard datetime format to ensure time-based analysis was consistent and accurate.

Figure 5: Code Snippet for Data Type Conversion

• Labeling Network Traffic: Traffic was categorized based on whether it represented normal activity or potential attacks, allowing for a clear distinction in the analysis of benign versus malicious traffic.

J. Analysis
The study utilized data visualizations to tackle the primary research inquiries, aiming to explore the impact of cybersecurity events on network traffic patterns. Rather than using machine learning models for prediction or classification, the emphasis was on deriving insights from the dataset by generating visual depictions of network activities.
Key steps in the analysis process included:
• Identifying Core Questions: The analysis was guided by several key questions to comprehend the impact of cyber security on data traffic. The objective was to determine the disparity in network traffic from specific addresses compared to others, as well as to identify prevalent types of attacks. Equally important was examining the duration of different types of connections and identifying any substantial increases during periods associated with cyber-crimes. By addressing these queries, the study aimed to uncover significant patterns and anomalies in the network that could signal potential security threats.
• Data Exploration Through Visualizations: I utilized a series of charts and graphs to delve into key research questions and gain a deeper understanding of the data. Each visualization was tailored to emphasize specific aspects of network traffic, shedding light on metrics such as traffic volume, types of attacks, and time-based trends. By employing scatter plots and heatmaps, I was able to illustrate the flow of network traffic and identify which IP addresses were more likely to be associated with abnormal traffic during cyber-attacks. Dedicated graphs provided valuable insights into whether malicious activity was correlated with shorter or longer connection times when examining connection duration. Additionally, bar charts and pie charts were used to showcase the distribution of different types of attacks, helping to pinpoint more severe threats facing the network.
• Investigating Time Variability Patterns: Specifically, line charts proved to be effective in examining fluctuations in network traffic over time. By plotting time values against traffic volume, we were able to detect unusual peaks or trends in network activity which often correlated with cybersecurity incidents. Through this temporal analysis, we were able to identify peak vulnerability moments and significant cyber activities.
• Bringing Attention to Emerging Abnormalities: We utilized scatter plots and heat maps to highlight anomalies such as unusual traffic spikes, as well as the presence of outlier connections, among other things. These visual tools simplified the identification of behaviors that signal attacks on computers or other suspicious activities on the internet, as they
clearly illustrate the distinct patterns associated with these behaviors.
• A Visual Representation Is Invaluable: The study was able to draw important conclusions about how network dynamics changed in relation to cybersecurity events by exclusively relying on visual exploration of the available data. A visual approach allows for nonverbal comprehension of complex information, making it easier to detect trends and anomalies that traditional statistical methods may overlook.
• Iterative Process: Through an iterative process, new insights were uncovered by repeatedly visualizing the data, allowing for a more in-depth exploration. When new patterns or anomalies arose, additional visualizations were created to delve into specific findings.
By homing in on these crucial questions using visuals, the research thoroughly examined network traffic and its vulnerabilities to cyber security incidents. This method offered a detailed yet user-friendly way to demonstrate how network behaviors changed in response to security threats, enabling recommendations for enhancing network monitoring and threat detection mechanisms.

K. Visualization Tools
In this study on the impact of cybersecurity incidents on network traffic, the investigation relied on Plotly, an interactive and powerful data visualization library. Plotly was chosen for its ability to create adaptable and interactive charts, enabling in-depth analysis of network traffic patterns.
• Interactive Visualizations: Plotly's primary advantage lies in its ability to generate interactive plots. It offers features such as zooming in on specific areas, accessing more information by hovering over data points, and dynamically filtering or adjusting the view. These capabilities proved particularly helpful in comprehending complex network traffic patterns, where detecting specific anomalies or trends necessitated thorough exploration.
• Plot Types: Various chart types were utilized to provide insights into different aspects of the dataset:
  - Scatter Plots: These plots were used to display the relationship between features like Source IP Address, Destination IP Address, and Connection Duration, allowing visualization of normal traffic clusters and potential outliers indicating suspicious behavior.
  - Line Charts: Utilized to showcase variations in network traffic over time. This enabled the identification of spikes or unusual patterns that could be indicative of cyber-attacks.
  - Bar Charts: Bar charts are employed to compare the frequency of different types of network traffic, such as normal versus attack traffic, to analyze the distribution of various attacks.
  - Heatmaps: Heatmaps are utilized to visualize the concentration of network traffic between specific source and destination IP addresses, thereby identifying potentially anomalous connections.
• Plotly offers customization options to enhance the clarity and presentation of each graph's different elements. Therefore, customizations were implemented, including clear and descriptive labeling of the x-axis and y-axis to ensure easy comprehension. Distinct color schemes are used to differentiate normal traffic from potential attacks. For example, cyber-attacks are highlighted in red, while normal traffic is depicted in green or blue. Annotations are added to highlight key events, such as periods of increased network activity or suspected attacks, on the plots to showcase important findings.
• Interactive Live Data: Plotly images can be accessed on web platforms, offering the advantage of real-time interactivity. This enables continuous monitoring of network traffic patterns. Even though the analysis was based on a static dataset, these tools have the potential to be used in real time for network
monitoring and quick anomaly detection, contributing to better network administration.

L. Results and Discussion
In this section, we examine various aspects of cyber threats, including the timing of suspicious activities, the impact of transport protocols on internet traffic vulnerability, and the significance of IP addresses in cyber-attacks. Our analysis covers the influence of different protocols on packet size and security, as well as common threats associated with major IPs and the specific vulnerabilities of devices using Windows, which are frequently targeted. Furthermore, we investigate the potential use of log sources for detecting and responding to threats, and provide suggestions for improving security measures and response strategies.

M. Time Patterns of Suspicious Network Activities
It is important to investigate patterns of abnormal network behavior over time in order to identify high-risk periods and enhance cybersecurity. Organizations can analyze year-on-year, month-on-month, day-on-day, and hourly data to allocate resources wisely and anticipate potential attacks during periods of heightened risk.

An analysis of data from 2020 to 2023 shows a consistent number of incidents, with over 10,000 suspicious actions reported each year until 2023, when a decrease to 8139 was observed. This decrease may indicate improvements in security measures or shifts in attack patterns.

Figure 6: Plot of Network Yearly Patterns

Some months, such as December 2020, June 2021, and July 2022, experienced high levels of activity. Analysis of monthly trends demonstrates variations, suggesting that attackers may be taking advantage of less secure periods for organizations.
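As an added example (not code from the paper), the following Python carries out the preprocessing steps of section I (dropping rows with missing values, converting the timestamp column to datetime, labeling benign versus attack rows) and then produces the yearly, monthly and day-of-week counts of suspicious activity that section M analyses, using only the standard library. The column names and the sample rows are constructed assumptions, since the Kaggle dataset's schema is not given here.

```python
"""Added example (not the paper's code): the preprocessing steps of
section I followed by the yearly, monthly and weekday counts of
suspicious activity analysed in section M.  Column names and the
sample rows are constructed assumptions; standard library only."""
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample in the shape the paper describes (timestamps, source
# and destination IPs, an activity label).  One row has an empty field and
# one has a malformed timestamp so the cleaning steps have something to do.
SAMPLE_CSV = """timestamp,source_ip,destination_ip,protocol,attack_type
2020-12-04 09:15:00,10.0.0.5,10.0.0.9,TCP,Malware
2020-12-04 13:40:00,10.0.0.7,10.0.0.9,ICMP,Benign
2021-06-11 08:05:00,10.0.0.5,10.0.0.3,UDP,DDoS
2021-06-11 10:00:00,,10.0.0.3,UDP,Intrusion
2022-07-15 17:30:00,10.0.0.8,10.0.0.1,TCP,Intrusion
2022-07-15 17:45:00,10.0.0.8,10.0.0.1,TCP,Benign
2022-07-20 09:00:00,10.0.0.4,10.0.0.1,TCP,Malware
not-a-timestamp,10.0.0.2,10.0.0.1,TCP,Malware
2023-03-03 11:20:00,10.0.0.6,10.0.0.2,ICMP,DDoS
"""

TIMESTAMP_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed format of the timestamp column


def load_and_clean(csv_text):
    """Parse CSV text and apply the three preprocessing steps:
    drop rows with missing values, convert timestamps to datetime,
    and label each row as attack (True) or benign (False)."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if any(value in ("", None) for value in row.values()):
            continue  # Handling Missing Values: discard incomplete rows
        try:
            row["timestamp"] = datetime.strptime(row["timestamp"], TIMESTAMP_FORMAT)
        except ValueError:
            continue  # Data Type Conversion: unparsable timestamps cannot be used
        row["is_attack"] = row["attack_type"] != "Benign"  # Labeling Network Traffic
        rows.append(row)
    return rows


def suspicious_counts(rows):
    """Count attack rows per year, per calendar month (YYYY-MM) and per weekday name."""
    by_year, by_month, by_weekday = Counter(), Counter(), Counter()
    for row in rows:
        if not row["is_attack"]:
            continue
        ts = row["timestamp"]
        by_year[ts.year] += 1
        by_month[ts.strftime("%Y-%m")] += 1
        by_weekday[ts.strftime("%A")] += 1
    return by_year, by_month, by_weekday


def peak(counter):
    """Return the (label, count) pair with the highest count, or None if empty."""
    return counter.most_common(1)[0] if counter else None


if __name__ == "__main__":
    clean = load_and_clean(SAMPLE_CSV)
    by_year, by_month, by_weekday = suspicious_counts(clean)
    print(f"{len(clean)} clean rows, {sum(by_year.values())} labeled as attacks")
    print("peak year:", peak(by_year))
    print("peak month:", peak(by_month))
    print("peak weekday:", peak(by_weekday))
```

On the real dataset the same three counters are what the yearly, monthly and weekly plots in this section would be drawn from.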

Figure 7: Plot of Network Monthly Patterns

When looking at the days of the week, it is evident that there is increased activity on weekdays, with Fridays being particularly susceptible to incidents. This pattern implies that attackers tend to focus on busy days when security measures may be more relaxed within organizations.

Figure 8: Plot of Network Weekly Patterns

As a result, it is essential for organizations to continuously monitor and adapt their cybersecurity strategies based on these temporal patterns. They should also strengthen their defense mechanisms, especially during peak periods like busy days or months, to mitigate potential cyber-attacks. This can be achieved by anticipating and reducing response times, as well as minimizing the likelihood of similar incidents occurring in the future.

N. Impact of Protocols on Packet Length and Traffic Type
Protocols such as ICMP, TCP, and UDP play a crucial role in understanding the behavior of different types of traffic and the potential impact of large packets, especially in security-sensitive environments. Analyzing the average, maximum, and minimum packet lengths across various traffic
types including DNS, FTP, and HTTP allows us to dive into the behavior of these protocols.

The findings reveal that ICMP tends to have slightly larger mean packet lengths compared to TCP and UDP. Across all protocols, the maximum packet length can reach up to 1500 bytes. This signifies that ICMP, commonly utilized for error messages and diagnostics, frequently handles larger packets, potentially leading to increased data volume during large-scale detection or ping operations. TCP, known for reliable connection-based communication, maintains nearly consistent packet sizes, emphasizing its role in ensuring precise data transmission, essential for traffic like FTP or HTTP. Conversely, UDP, a connectionless and faster transmission approach, maintains similar mean packet lengths, indicating that speed compromises reliability without significantly affecting packet size.

Figure 9: Plot Showing the Impact of Protocol

Different protocols handle traffic differently, which can result in security vulnerabilities. Attackers can exploit the diagnostic nature of ICMP for network reconnaissance, connection-based TCP can be vulnerable to denial-of-service attacks, and UDP's lightweight approach may expose the entire network to amplification attacks. It is crucial to understand this in order to optimize the adoption of security measures in networks and ensure sufficient protection against these vulnerabilities.

Figure 10: Plot Showing Packet Length Across Traffic Type and Protocols

O. Impact of Top IP Addresses on Malicious Traffic and Associated Attack Types
An in-depth investigation into the suspicious traffic reveals that various IP addresses are repeatedly involved in different forms of attacks. The most prevalent among these is the occurrence of malware attacks originating from several prominent source IP addresses, including 103.216.15.12, 197.184.240.174, and 40.119.100.114. Similarly, intrusion attempts on other identified IPs like 119.183.250.156 and 147.178.224.232 are also notable, and there have
been observed DDoS attempts from 74.225.47.66 and 80.60.140.131. On the other hand, high-ranking destination addresses primarily indicate intrusion or malware occurrences on IPs such as 112.135.140.167 and 14.172.223.72, while DDoS attacks have been witnessed multiple times on addresses like 12525219110 or 20213243236. This highlights the need for specific preventive actions targeted at these types of threats, given the common attack patterns observed.

Figure 11: Plot Showing Top IP Sources Based on Attack Types

Figure 12: Plot Showing Top IP Destination Based on Attack Types

P. Impact of Packet Length on Threat Types and Device/OS Distribution
The investigation offers intriguing insights into the different threats targeting various devices and operating systems, based on packet length and their average severity.

In terms of total detected threats, Windows is the most targeted platform, with 17,953 threats, followed by Linux with 8,840, Macintosh with 5,813, and iPod with 2,656. iPhone, iPad, and Android have fewer threats, with 1,567, 1,551, and 1,620 instances respectively.

Figure 13: Plot Showing Total Threat by Device

When it comes to the distribution of threat types across different devices and operating systems, Windows faces the highest number of threats across all attack categories, including DDoS, Intrusion, and Malware. On the other hand, Linux and Macintosh have significantly fewer threats across these categories compared to Windows. The distribution illustrates that DDoS and malware target Windows the most, while other operating systems, like iPad, have minimal threats in comparison.

Figure 14: Plot Showing Distribution of Threat by Device

The average length of packets can provide insight into the severity of threats and slightly differs across devices. iPads stand out with an average packet length of 800.30 bytes, indicating the potential for more severe threats or larger data transfers. On the other hand, Android devices have a lower average packet length of 786.72 bytes but still face a significant number of attacks. Windows, Macintosh, and iPod have similar average packet lengths, suggesting that they experience threats with similar intensity.

Figure 15: Plot Showing Severity of Threat by Device

Furthermore, these findings suggest that Windows is the most targeted device type, with various attack vectors and significant threat impact. Therefore, understanding the reasons for variations in packet length among different devices can help identify the types of threats and their implications on these platforms, guiding focused security efforts and responses.

Q. Analysis of Threat Detection and Response Time

Analysis of threat detection trends from multiple log sources has uncovered some intriguing patterns. Specifically, the Firewall log source has been instrumental in combating numerous threats, with 6,734 DDoS attacks, 6,638 intrusion attempts, and 6,744 malware incidents detected. This underscores its crucial role in monitoring and addressing various threat types. Conversely, the Server log source has recorded 6,694 DDoS attacks, 6,627 intrusion attempts, and 6,563 malware incidents, indicating a nearly equal capacity to detect different threat types, albeit with slightly lower numbers for malware. While both log sources are effective, the Firewall demonstrates a marginally higher detection rate for specific threats.

Figure 16: Plot Showing Threats by Log Sources

The average response times show some anomalies. DDoS attacks have an average response time of -981,523.56 s, Intrusions 26,535.96 s, and Malware incidents -391,837.36 s on the Firewall. Meanwhile, on the Server, DDoS attacks have an average response time of 984,308.56 s, Intrusions -23,444.39 s, and Malware infections 404,225.89 s. The negative values raise concerns about the accuracy of the timestamps, potentially indicating inconsistencies or errors during the recording process. Despite the vital roles played by Firewalls and Servers in detecting network threats, the significant data quality problems suggested by their average response times warrant further extensive investigation.

Figure 17: Plot Showing ART by Attack Type and Log
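The negative average response times reported above are a data-quality signal rather than a measurement. The following added example (not code from the paper) recomputes the mean response time per log source and attack type from constructed sample records, flags the records whose response timestamp precedes the event timestamp, and shows the mean with those records excluded. The field names (log_source, attack_type, event_time, response_time) are assumptions, not the dataset's column names.

```python
"""Added example: average response time per (log source, attack type) with a
check for negative latencies caused by inconsistent timestamps."""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample records (not real traffic). event_time is when the source
# logged the threat, response_time is when the response action was recorded.
SAMPLE_RECORDS = [
    {"log_source": "Firewall", "attack_type": "DDoS",
     "event_time": "2024-09-01T10:00:00", "response_time": "2024-09-01T10:00:12"},
    # Response stamped 12 days BEFORE the event: impossible with correct clocks.
    {"log_source": "Firewall", "attack_type": "DDoS",
     "event_time": "2024-09-01T11:00:00", "response_time": "2024-08-20T09:00:00"},
    {"log_source": "Firewall", "attack_type": "Intrusion",
     "event_time": "2024-09-01T12:00:00", "response_time": "2024-09-01T12:05:00"},
    {"log_source": "Server", "attack_type": "Malware",
     "event_time": "2024-09-02T08:00:00", "response_time": "2024-09-02T08:00:30"},
    {"log_source": "Server", "attack_type": "Malware",
     "event_time": "2024-09-02T09:00:00", "response_time": "2024-09-02T09:01:30"},
]


def response_seconds(record):
    """Latency in seconds; negative when the response precedes the event."""
    start = datetime.fromisoformat(record["event_time"])
    end = datetime.fromisoformat(record["response_time"])
    return (end - start).total_seconds()


def average_response_times(records):
    """Mean latency per (log_source, attack_type) over every record.
    This is the naive figure that can come out negative, as in Section Q."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["log_source"], r["attack_type"])].append(response_seconds(r))
    return {key: mean(values) for key, values in groups.items()}


def timestamp_anomalies(records):
    """Records with a negative latency: candidates for clock skew, swapped
    columns or time-zone mix-ups that must be resolved before the mean is
    trusted."""
    return [r for r in records if response_seconds(r) < 0]


def clean_average_response_times(records):
    """Same mean, computed only over records with a non-negative latency."""
    valid = [r for r in records if response_seconds(r) >= 0]
    return average_response_times(valid)


if __name__ == "__main__":
    print("naive means:", average_response_times(SAMPLE_RECORDS))
    print("anomalies:", len(timestamp_anomalies(SAMPLE_RECORDS)))
    print("clean means:", clean_average_response_times(SAMPLE_RECORDS))
```

On the constructed records a single bad timestamp drags the Firewall/DDoS mean from 12 s to about -522,000 s, which is the same pattern the paper observes at dataset scale.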

R. Interpretation of Log Source Distribution

Different types of approaches, such as Blocked, Ignored, and Logged, are used to counter various attacks including DDoS, Intrusion, and Malware in the log source distribution. It is recommended to adopt a proactive defense strategy. The data indicates that the highest number of threats were blocked, with Intrusion leading at 4,553, followed by DDoS at 4,533 and Malware at 4,443. However, this could suggest that these threats might be less serious or misclassified. Some attacks were ignored, especially DDoS at 4,459, Intrusion at 4,401, and Malware at 4,416. There was balanced logging activity for all attack types, with Malware having slightly more records at 4,448 compared to DDoS (4,436) and Intrusion (4,311). This suggests a greater focus on blocking, while logging and ignoring attacks can sometimes suffice for monitoring purposes.

Figure 18: Plot Showing Log Source by Attack Type

Conclusion and Recommendation

The analysis of cybersecurity's impact on network traffic has revealed the complex and diverse ways in which security measures influence network behavior. By examining time patterns of suspicious activities, the influence of network protocols, the involvement of IP addresses in attacks, and the distribution of threats across devices and operating systems, we have gained insight into how computer threats impact network movements.

Our research indicates a strong correlation between cybersecurity incidents and changes in network traffic behavior, particularly during peak times when there is a higher prevalence of such threats. We have established that different protocols such as ICMP, TCP, or UDP have distinct roles in transmitting data packets and their associated vulnerabilities. It is evident that frequently targeted IP addresses highlight common methods that hackers use to access systems, necessitating specific countermeasures against these threats. Furthermore, the majority of attacks were aimed at Windows devices, underscoring the importance of implementing tailored security strategies across different platforms for effective protection.

In addition, an examination of traffic volume over time has revealed a correlation between peak traffic periods and spikes in security incidents. This underscores the need for continuous monitoring and adaptable security measures to prevent potential risks. Tools and methods such as firewalls, encryption, and AI-based traffic analysis have proven effective in addressing these threats by providing protection against them.

To enhance network security effectively, we propose the following:

• Implement Real-time Monitoring: Utilize advanced real-time monitoring systems capable of promptly detecting any abnormal spikes or suspicious activities. The use of AI-powered tools will improve anomaly detection capability, leading to quicker and more precise defense mechanisms.

• Strengthen Protocol-Specific Defenses: Develop specific security measures tailored to the different network protocols used by various websites. For example, implementing targeted ICMP or TCP protections can help mitigate certain vulnerabilities, thereby reducing potential attack vectors.

• Prioritize testing on insecure IP addresses that are frequently targeted for security breaches. Monitoring and defending these high-risk addresses with threat intelligence can prevent successful breaches and mitigate associated risks.

• Adjust security strategies for different platforms depending on their vulnerabilities. Given that Windows devices are commonly targeted, tailor security measures accordingly and ensure regular updates and patches to protect against known exploits.

• Continuously assess and upgrade cybersecurity tools to keep them current. This includes enhancing encryption methods, digital signatures, and other security features to minimize data protection threats.
