Topological Analysis and Visualisation of Network Monitoring Data: Darknet case study

Abstract: Network monitoring is a primary source of data in cyber-security, since it may reveal abnormal behaviour of users or applications. Security analysts and tools such as IDS (Intrusion Detection Systems) and SIEM (Security Information and Event Management) rely on it either as a single source of information or combined with others. In this paper, we propose a visualisation method derived from the Mapper algorithm, which was developed in the field of Topological Data Analysis (TDA). The method and its associated tool are able to analyse a large number of IP packets in order to make patterns of malicious activity easily observable by security analysts. We applied our method to darknet data, i.e. traffic addressed to an entire subnetwork of the Internet that is supposed to be unused, and we found that the observable patterns had been missed by Suricata, a widely used state-of-the-art IDS.
Document type: Conference papers


https://hal.inria.fr/hal-01403950
Contributor: Jérôme François
Submitted on: Monday, November 28, 2016 - 10:56:15 AM
Last modification on: Thursday, February 7, 2019 - 2:35:45 PM
Long-term archiving on: Monday, March 20, 2017 - 8:33:30 PM

File: wifs16.pdf (files produced by the author(s))

Identifiers

  • HAL Id: hal-01403950, version 1

Citation

Marc Coudriau, Abdelkader Lahmadi, Jerome Francois. Topological Analysis and Visualisation of Network Monitoring Data: Darknet case study. 8th IEEE International Workshop on Information Forensics and Security - WIFS 2016, Dec 2016, Abu Dhabi, United Arab Emirates. ⟨hal-01403950⟩

Metrics

  • Record views: 938
  • Files downloads: 1068