Abstract
The article proposes different methods of presenting network traffic analysis results, the need for which arises primarily in the area of network security. One of the most important tasks is to identify malicious traffic. For this purpose both the complete graph of network interactions and time-based packet diagram are presented. These components are used during investigation of information security violation incidents. The timing diagram is also used in analysis of tunneling protocols because it allows the analyst to determine which protocol headers are necessary to visualize. For tasks associated with reverse engineering and debugging of network protocols, it is proposed to use a journal which records protocol header parsing errors. Presented graphic components either have no analogues among the opensource tools or improve on existing opensource solutions.
Highlights
One of the most important tasks is to identify malicious traffic. For this purpose both the complete graph of network interactions and time-based packet diagram are presented. These components are used during investigation of information security violation incidents
The timing diagram is used in analysis of tunneling protocols because it allows the analyst to determine which protocol headers are necessary to visualize
For tasks associated with reverse engineering and debugging of network protocols, it is proposed to use a journal which records protocol header parsing errors
Summary
Во многих задачах обеспечения сетевой информационной безопасности требуется детальный анализ сетевого трафика. Среди таких задач можно выделить: расследование инцидентов нарушения ИБ анализ сетевой обстановки обратная инженерия/отладка сетевых протоколов Подобные задачи, как правило, решаются не "на потоке", а путем выделения некоторого фрагмента трафика с помощью программы-сниффера и его последующего анализа. При решении этих задач критическими факторами, влияющими на скорость и эффективность, являются наличие в среде анализа графических компонент, позволяющих визуализировать различные аспекты сетевых взаимодействий, и возможности по переключению и синхронизации между этими компонентами
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Proceedings of the Institute for System Programming of the RAS
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
