Automated Analysis and Aggregation of Packet Data over Distributed Network Telescopes

By: Samuel Oswald Hunter. Supervisor: Mr Barry Irwin


Page 1: Automated Analysis and Aggregation of Packet Data over Distributed Network Telescopes


Page 2: Project Background

BACKGROUND

• Network telescopes passively collect packet data.
• Packet data is filtered and added to a central database.
• Packets are then analysed according to pre-determined security metrics (more on these metrics later).
• Interactive and dynamic visual representation of data.
    • Allows for representation of large amounts of data and grants the ability to observe finer details of that information.
    • Fast, accurate and informative data traversal.
    • Enables us to show trends.

Page 3: Project Objectives

PROJECT OBJECTIVES

• Create a framework to aggregate packet data between network telescopes to a central management node.
• Management node will perform processing on incoming datasets to generate useful outputs such as:
    • Real-time black hole lists (RBL).
    • Border Gateway Protocol (BGP) maps.
• Create a dashboard application that can analyse and generate reports based on the collected packet data.
    • Must generate automated periodic reports and visual representations of the packet analysis.
    • Allow browsing of historical data and some ad-hoc queries.

Page 4: Security Metrics

PROPOSED SECURITY METRICS

• Source to target geographical locations.
• Breakdown of the composition of protocols used (TCP, UDP, ICMP).
• Target and source port numbers.
• Density of packets (amount) captured over time (traffic rates).

Page 5: Approach and Development

TOOLS AND APPROACH

• Further research in data visualization techniques
    • Interactive and dynamic representation
• Security Metrics
    • Research what other information can be determined
    • How this information can be used
• Application Development
    • PHP
    • Python
    • Adobe AIR
    • Ajax
    • Flash

Page 6: Questions

QUESTIONS