Automated Analysis and Aggregation of Packet Data over Distributed Network Telescopes

1. Automated Analysis and Aggregation of Packet Data over Distributed Network Telescopes By: Samuel Oswald Hunter Supervisor: Mr Barry Irwin

2. Project Background • Network telescopes passively collect packet data. • Packet data is filtered and added to a central database. • Packet’s are then analysed according to pre-determined security metrics (more on these metrics later). • Interactive and dynamic visual representation of data. • Allow for representation of large amounts of data and grants the ability to observe finer details of that information. • Fast, accurate and informative data traversal. • Enables us to show trends. Background

3. Project Objectives • Create a framework to aggregate packet data between network telescopes to a central management node. • Management node will perform processing on incoming datasets to generate use full outputs such as: • Real-time black hole lists (RBL). • Border Gateway Protocol (BGP) maps. • Create a dashboard application that can analyse and generate reports based on the collected packet data. • Must generate automated periodic reports and visual representations of the packet analysis. • Allow browsing of historical data and some ad-hoc queries. Project Objectives

4. Security Metrics • Source to target geographical locations. • Break down composition of protocols used (TCP, UDP, ICMP) • Target and Source port numbers • Density of packets (amount) captured over time. (Traffic Rates) Proposed Security Metrics

5. Approach and Development • Further research in data visualization techniques • Interactive and dynamic representation • Security Metrics • Research what other information can be determined • How this information can be used • Application Development • Php • Python • Adobe AIR • Ajax • Flash Tools and Approach

6. Questions Questions