Conference papers

Topological Analysis and Visualisation of Network Monitoring Data: Darknet case study

Abstract: Network monitoring is an essential source of data in cyber-security since it may reveal abnormal behaviors of users or applications. Indeed, security analysts and tools like IDS (Intrusion Detection System) or SIEM (Security Information and Event Management) rely on it as a single source of information or combined with others. In this paper, we propose a visualisation method derived from the Mapper algorithm that has been developed in the field of Topological Data Analysis (TDA). The developed method and its associated tool are able to analyze a large number of IP packets in order to make patterns of malicious activity easily observable by security analysts. We applied our method to darknet data, i.e. traffic from an entire and supposedly unused subnetwork of the Internet, and we found that those observable patterns were missed by Suricata, a widely used state-of-the-art IDS.

Cited literature [20 references]
Contributor: Jérôme François
Submitted on: Monday, November 28, 2016 - 10:56:15 AM
Last modification on: Thursday, March 17, 2022 - 10:08:37 AM
Long-term archiving on: Monday, March 20, 2017 - 8:33:30 PM


Files produced by the author(s)


  • HAL Id : hal-01403950, version 1



Marc Coudriau, Abdelkader Lahmadi, Jerome Francois. Topological Analysis and Visualisation of Network Monitoring Data: Darknet case study. 8th IEEE International Workshop on Information Forensics and Security - WIFS 2016, Dec 2016, Abu Dhabi, United Arab Emirates. ⟨hal-01403950⟩


