Automated Analysis and Aggregation of Packet Data over Distributed Network Telescopes
By: Samuel Oswald Hunter
Supervisor: Mr Barry Irwin
AUTOMATED ANALYSIS AND AGGREGATION OF PACKET DATA OVER DISTRIBUTED NETWORK TELESCOPES
BACKGROUND
• Network telescopes passively collect packet data.
• Packet data is filtered and added to a central database.
• Packets are then analysed according to pre-determined security metrics (more on these metrics later).
• Interactive and dynamic visual representation of data.
• Allows for representation of large amounts of data and grants the ability to observe finer details of that information.
• Fast, accurate and informative data traversal.
• Enables us to show trends.
Project Background
PROJECT OBJECTIVES
• Create a framework to aggregate packet data between network telescopes to a central management node.
• The management node will perform processing on incoming datasets to generate useful outputs such as:
• Real-time black hole lists (RBL).
• Border Gateway Protocol (BGP) maps.
• Create a dashboard application that can analyse and generate reports based on the collected packet data.
• Must generate automated periodic reports and visual representations of the packet analysis.
• Allow browsing of historical data and some ad-hoc queries.
Project Objectives
PROPOSED SECURITY METRICS
• Source to target geographical locations.
• Break down composition of protocols used (TCP, UDP, ICMP).
• Target and source port numbers.
• Density of packets (amount) captured over time (traffic rates).
Security Metrics
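The metrics on this slide, and the aggregation-to-a-central-node objective on the previous one, can be illustrated with a small worked example. The code below is added here and is not part of the original presentation or of the project's own framework: it takes per-telescope packet metadata (a constructed sample, since a telescope only sees unsolicited traffic every record is a probe), computes the four proposed metrics per telescope, merges them the way a central management node would, and derives a simple block-list candidate set in the spirit of the RBL output. The telescope names, timestamps, addresses and the prefix-to-country table are all constructed; the geolocation lookup stands in for a real database.

```python
"""Compute the proposed network-telescope security metrics over packet metadata.

Added example, not the project's code. All sample data below is constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed records: (telescope, timestamp, src_ip, dst_ip, proto, dst_port).
# dst_port is None for ICMP, which has no port.
SAMPLE_PACKETS = [
    ("telescope-a", "2010-05-01T10:00:05", "198.51.100.7", "203.0.113.10", "TCP", 445),
    ("telescope-a", "2010-05-01T10:00:09", "198.51.100.7", "203.0.113.11", "TCP", 445),
    ("telescope-a", "2010-05-01T10:01:30", "192.0.2.44", "203.0.113.12", "UDP", 1434),
    ("telescope-b", "2010-05-01T10:00:40", "198.51.100.9", "203.0.113.200", "TCP", 22),
    ("telescope-b", "2010-05-01T10:01:02", "192.0.2.44", "203.0.113.201", "ICMP", None),
    ("telescope-b", "2010-05-01T10:01:15", "198.51.100.7", "203.0.113.202", "TCP", 445),
]

# Constructed prefix-to-country table standing in for a real geolocation database.
GEO_TABLE = [
    (ip_network("198.51.100.0/24"), "ZA"),
    (ip_network("192.0.2.0/24"), "US"),
    (ip_network("203.0.113.0/24"), "ZA"),
]

METRIC_KEYS = ("protocols", "dst_ports", "geo", "rate", "sources")


def country_of(ip: str) -> str:
    """Longest-prefix-free lookup: first matching prefix wins (table is disjoint)."""
    addr = ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return "??"


def telescope_metrics(packets):
    """Per-telescope metrics: a dict of Counters keyed by telescope name."""
    per = defaultdict(lambda: {k: Counter() for k in METRIC_KEYS})
    for scope, ts, src, dst, proto, dport in packets:
        m = per[scope]
        m["protocols"][proto] += 1                       # protocol composition
        if dport is not None:
            m["dst_ports"][dport] += 1                   # target port numbers
        m["geo"][(country_of(src), country_of(dst))] += 1  # source -> target geography
        bucket = datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H:%M")
        m["rate"][bucket] += 1                           # packets per minute (traffic rate)
        m["sources"][src] += 1                           # per-source hit count for RBL output
    return dict(per)


def aggregate(per_telescope):
    """Central-node view: sum the Counters across all telescopes."""
    total = {k: Counter() for k in METRIC_KEYS}
    for m in per_telescope.values():
        for key in METRIC_KEYS:
            total[key].update(m[key])
    return total


def protocol_composition(total):
    """Percentage breakdown of protocols (the 'composition' metric)."""
    n = sum(total["protocols"].values())
    return {p: round(100 * c / n, 1) for p, c in total["protocols"].items()}


def blocklist_candidates(total, min_hits):
    """Sources seen at least min_hits times across all telescopes, busiest first."""
    return [src for src, c in total["sources"].most_common() if c >= min_hits]


if __name__ == "__main__":
    per = telescope_metrics(SAMPLE_PACKETS)
    total = aggregate(per)
    print("protocol composition (%):", protocol_composition(total))
    print("top target ports:", total["dst_ports"].most_common(3))
    print("packets per minute:", sorted(total["rate"].items()))
    print("source -> target country:", total["geo"].most_common())
    print("block-list candidates (>=2 hits):", blocklist_candidates(total, 2))
```

Each telescope only ever ships Counters upward, so the central node receives aggregates rather than raw packets; the per-minute buckets and per-source counts are what a dashboard would plot as traffic rates and what an RBL generator would threshold on.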
TOOLS AND APPROACH
• Further research in data visualization techniques
• Interactive and dynamic representation
• Security metrics
• Research what other information can be determined
• How this information can be used
• Application development
• PHP
• Python
• Adobe AIR
• Ajax
• Flash
Approach and Development
QUESTIONS
Questions