An Exploration of Geolocation and Traffic Visualisation Using Network Flows to Aid in Cyber Defence

By Sean Pennefather

Visualisation

Geolocation

Realtime



Problem Statement

Network flow processing has the potential to greatly reduce the volume of data that monitoring systems must handle when compared to traditional packet processing. The reason for this reduction is that a network flow is a single record summarising the characteristics of one instance of communication between two hosts over an IP-layer protocol, conventionally identified by source and destination address, source and destination port, and protocol. A flow record does not contain the data that was transferred; as a result, the size of the record depends only on the number of characteristics it reports, not on the number of packets exchanged over the lifetime of the connection.

This reduction comes at a cost: the content of the packets that make up the connection is not recorded, yet that content is exactly what systems employing packet analysis techniques depend on. Because of this loss of resolution, the effectiveness of using network flows for traffic visualisation to aid in cyber defence is not immediately apparent and needs further exploration.
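To make the trade-off concrete, the following added example (written for this page, not code from the project) folds a constructed packet trace into unidirectional flow records keyed on the 5-tuple, measures the resulting reduction in bytes, and then enriches each flow with a longest-prefix geolocation lookup of the kind a map visualisation would need. Assumptions: the packets and their sizes are invented sample data using RFC 5737 documentation addresses; the 60 second inactive timeout is an assumed exporter setting; the 48 byte record size is that of a NetFlow v5 flow record; and the prefix table and its region labels are made up stand-ins for a real geolocation database.

```python
from dataclasses import dataclass
import ipaddress

# Constructed sample packets: (time_s, src, dst, proto, sport, dport, bytes_on_wire).
# Addresses come from the RFC 5737 documentation ranges. Payloads are omitted on
# purpose: a flow record never sees them, which is the resolution a flow gives up.
PACKETS = [
    (0.00, "192.0.2.10", "203.0.113.5", "tcp", 51000, 80, 74),
    (0.01, "203.0.113.5", "192.0.2.10", "tcp", 80, 51000, 74),
    (0.02, "192.0.2.10", "203.0.113.5", "tcp", 51000, 80, 66),
    (0.03, "192.0.2.10", "203.0.113.5", "tcp", 51000, 80, 512),
    (0.05, "203.0.113.5", "192.0.2.10", "tcp", 80, 51000, 1514),
    (0.06, "203.0.113.5", "192.0.2.10", "tcp", 80, 51000, 1514),
    (0.07, "203.0.113.5", "192.0.2.10", "tcp", 80, 51000, 900),
    (0.08, "192.0.2.10", "203.0.113.5", "tcp", 51000, 80, 66),
    (0.50, "192.0.2.10", "198.51.100.1", "udp", 40000, 53, 70),
    (0.52, "198.51.100.1", "192.0.2.10", "udp", 53, 40000, 130),
    (120.0, "192.0.2.10", "198.51.100.1", "udp", 40000, 53, 70),   # same 5-tuple, after idle timeout
    (120.1, "198.51.100.1", "192.0.2.10", "udp", 53, 40000, 130),
]

IDLE_TIMEOUT_S = 60.0          # assumed exporter setting: end a flow after 60 s of silence
NETFLOW_V5_RECORD_BYTES = 48   # fixed size of one NetFlow v5 flow record


@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


def build_flows(packets, idle_timeout=IDLE_TIMEOUT_S):
    """Fold packets into unidirectional flow records keyed on the 5-tuple.

    A flow ends when its key has been idle longer than idle_timeout; a later
    packet with the same key starts a fresh record, as an exporter's inactive
    timer would. Records are returned in order of first packet seen.
    """
    active = {}
    finished = []
    for t, src, dst, proto, sport, dport, size in sorted(packets):
        key = (src, dst, proto, sport, dport)
        flow = active.get(key)
        if flow is not None and t - flow.last_seen > idle_timeout:
            finished.append(active.pop(key))
            flow = None
        if flow is None:
            flow = active[key] = Flow(src, dst, proto, sport, dport, t, t)
        flow.last_seen = t
        flow.packets += 1
        flow.octets += size
    finished.extend(active.values())   # export what is still open at end of capture
    finished.sort(key=lambda f: f.first_seen)
    return finished


def volume_reduction(packets, flows):
    """Return (bytes captured as packets, bytes needed as NetFlow v5 records, ratio)."""
    pcap_bytes = sum(p[6] for p in packets)
    flow_bytes = len(flows) * NETFLOW_V5_RECORD_BYTES
    return pcap_bytes, flow_bytes, pcap_bytes / flow_bytes


# Constructed prefix table standing in for a geolocation database. The region
# labels are invented; the overlapping /28 is there to exercise longest-prefix match.
GEO_PREFIXES = {
    "192.0.2.0/24": "campus",
    "198.51.100.0/24": "region-A",
    "203.0.113.0/24": "region-B",
    "203.0.113.0/28": "region-B-datacentre",
}
_GEO = sorted(((ipaddress.ip_network(p), loc) for p, loc in GEO_PREFIXES.items()),
              key=lambda kv: kv[0].prefixlen, reverse=True)


def geolocate(ip):
    """Longest-prefix lookup; None when the address is not covered by the table."""
    addr = ipaddress.ip_address(ip)
    for net, loc in _GEO:
        if addr in net:
            return loc
    return None


def flows_by_region(flows):
    """Per-source-region (packets, octets) totals, the aggregate a map view would plot."""
    totals = {}
    for f in flows:
        region = geolocate(f.src) or "unknown"
        pk, oc = totals.get(region, (0, 0))
        totals[region] = (pk + f.packets, oc + f.octets)
    return totals


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    pcap_bytes, flow_bytes, ratio = volume_reduction(PACKETS, flows)
    print(f"{len(PACKETS)} packets ({pcap_bytes} B) -> {len(flows)} flows ({flow_bytes} B), {ratio:.1f}x smaller")
    for f in flows:
        print(f"{geolocate(f.src)!s:>20} {f.src}:{f.sport} -> {f.dst}:{f.dport} "
              f"{f.proto} pkts={f.packets} octets={f.octets} dur={f.last_seen - f.first_seen:.2f}s")
    print(flows_by_region(flows))
```

Note that the twelve packets collapse to six records rather than four because the second DNS exchange falls outside the inactive timeout and is reported as a new pair of flows; whether such splits are acceptable, and what the timeout should be, is an exporter configuration question that directly affects both the reduction ratio and what a real-time geolocation view shows.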

Research Timeline

02/2013
Project Begins

Beginning of the new year.

03/2013
Project Proposal

Formalisation of the research goals and approach is developed. A project timeline is established.

03/2013
Prototype System Design

04/2013
Seminar 1

First seminar series. The research topic, including its goals and progress to date, was presented to the department.

08/2013
Testing and Results

After the designed system has been implemented, conformance tests will be run to verify its functionality. Timing tests will also be performed to determine whether geolocation of flows can be carried out in real time.

08/2013
Begin Writeup

Writeup of the research performed begins.

10/2013
Seminar 2

Second seminar series. Overview of research performed is given and results are presented and discussed.

11/2013
Final Handin

Completed writeup of research is handed in.