An Exploration of Geolocation and Traffic Visualisation Using Network Flows to Aid in Cyber Defence
By Sean Pennefather
Network flow processing has the potential to greatly reduce the volume of data that monitoring systems must process when compared to traditional packet processing counterparts. The reduction arises because a network flow is a single record that represents the characteristics associated with an instance of communication between two hosts using an IP layer protocol. A flow record does not record the actual data transferred; as a result, the record size depends only on the number of characteristics the record must report on, rather than on the number of packets transferred for the duration of the connection. This reduction comes at the cost of not recording the actual content of the packets that make up the connection, which is required by systems that employ packet analysis techniques as part of processing. Because of this reduction in resolution, the effectiveness of utilising network flows for traffic visualisation to aid in cyber defence is not immediately apparent and needs further exploration.
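The following sketch is an added example, not code from the research described here. It aggregates a handful of constructed packets into flow records to show that the record count and size depend on the tracked characteristics rather than on the packets or payload. The field set and the direction-independent flow key are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample packets: (timestamp, src_ip, dst_ip, src_port, dst_port, protocol, payload)
PACKETS = [
    (0.00, "192.0.2.10", "198.51.100.5", 51000, 443, "tcp", b"\x16\x03\x01" + b"A" * 200),
    (0.02, "198.51.100.5", "192.0.2.10", 443, 51000, "tcp", b"B" * 1400),
    (0.03, "198.51.100.5", "192.0.2.10", 443, 51000, "tcp", b"C" * 1400),
    (0.05, "192.0.2.10", "198.51.100.5", 51000, 443, "tcp", b"D" * 60),
    (1.10, "192.0.2.10", "203.0.113.53", 40000, 53, "udp", b"E" * 40),
    (1.12, "203.0.113.53", "192.0.2.10", 53, 40000, "udp", b"F" * 120),
]

@dataclass
class Flow:
    first_seen: float
    last_seen: float
    packets: int = 0
    payload_bytes: int = 0  # a counter only; the payload itself is never stored

def flow_key(src, dst, sport, dport, proto):
    """Direction-independent key (an assumption) so both halves of a
    conversation between two hosts share one record."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)

def aggregate(packets):
    """Fold packets into one fixed-size Flow record per conversation."""
    flows = {}
    for ts, src, dst, sport, dport, proto, payload in packets:
        key = flow_key(src, dst, sport, dport, proto)
        flow = flows.setdefault(key, Flow(first_seen=ts, last_seen=ts))
        flow.first_seen = min(flow.first_seen, ts)
        flow.last_seen = max(flow.last_seen, ts)
        flow.packets += 1
        flow.payload_bytes += len(payload)
    return flows

def summarise(packets):
    """Compare what went in (packets, payload) with what is kept (flow records)."""
    flows = aggregate(packets)
    return {"packets_in": len(packets), "flow_records_out": len(flows),
            "payload_bytes_dropped": sum(len(p[-1]) for p in packets)}

if __name__ == "__main__":
    for key, flow in aggregate(PACKETS).items():
        print(key, flow)
    print(summarise(PACKETS))
```

Adding more packets to either conversation changes only the counters in its record, which is the volume reduction, and the loss of packet content, that the paragraph above describes.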
Beginning of the new year.
Formalisation of the research goals and approach is developed. A project timeline is established.
First seminar series. Research topic was presented to the department which included research goals and progress.
After implementation of the designed system, conformance tests need to be run to test system functionality. Timing tests will also be performed to determine the applicability of a real-time geolocation system.
Writeup of the research performed begins.
Second seminar series. Overview of research performed is given and results are presented and discussed.
Completed writeup of research is handed in.