PROJECT PROPOSAL Presentation, 27th February 2009


1. Visualization tool for network forensics analysis using an Intrusion Detection System (Cyber ViZ). Project Proposal Presentation, 27th February 2009

2. Our Team Members …
• Project ID: PIT-58
• Project Team:
• Project Coordinator: Mr. Jayantha Amaraarachchi
• Project Supervisor: Mr. Lakmal Rupasinghe
• Date of Submission: 27th February 2009
Presenter: Y.M.P.K.B. Yaparathna CyberViZ

3. Organization of Presentation
• Introduction
• What is network forensics analysis?
• What is intrusion detection?
• Why is network traffic visualization useful?
• Existing systems and research
• How the system differs
Presenter: Y.M.P.K.B. Yaparathna

4. Organization of Presentation (cont.)
• Aims and objectives
• Methodology
• References
• Conclusion
Presenter: Y.M.P.K.B. Yaparathna

5. Introduction …
• Network-based computer attacks
• Network forensics is used to find evidence of such attacks
• Threats are recognized through an IDS
• Benefits of visualizing network traffic
• Provides a better way to collect evidence
Presenter: Y.M.P.K.B. Yaparathna

6. Network Forensics Analysis …
• Network forensics is the act of capturing, recording, and analyzing network audit trails
• The captured traffic is analyzed according to the investigator's needs, to discover useful and interesting things about it: which hosts communicated, when, and over which protocols and ports
Presenter: I.M. Illangarathna

7. Intrusion Detection …
• What is intrusion detection?
• Intrusion detection analysts continually monitor their networks
• Intrusion Detection Systems (IDS) help analysts recognize threats by raising alerts on traffic that matches attack signatures or deviates from normal behaviour
Presenter: I.M. Illangarathna

8. Network Traffic Visualization …
• Network traffic must be monitored live and without interrupting it, i.e. captured passively
• Network traffic visualization is more efficient and more readable than inspecting raw packet dumps and alert logs
Presenter: I.M. Illangarathna

9. Techniques used in CyberViZ
• The proposed system is a combination of three fields: network forensics analysis, intrusion detection and network traffic visualization
• These three fields are integrated to provide a simplified solution for conducting network forensic analysis
• Visualized network forensic analysis uses analyst time and system resources more efficiently
Presenter: I.M. Illangarathna

10. Existing Systems and Research
• Evidence collection and analysis in network forensics: tcpdump and Wireshark are used for packet capture and packet analysis
• Visualization using graphs: research on visualization techniques for network information started at the end of the 1990s. VisFlowConnect [13] uses parallel plots to show the connections between the inside network and the outside network
Presenter: A.H.M.S.D.B. Wadigamangawa

11. Existing Systems and Research
• Visualization using graphs (cont.): Therminator is a non-signature-based real-time visual tool. NVisionIP uses three views, in combination, to provide an overview of the network
• Network forensic analysis using visualization: the Georgia Tech Honeynet project [8] is a good model for forensic analysis of a network
Presenter: A.H.M.S.D.B. Wadigamangawa

12. How the system differs …
• Intrusion Detection module
• Forensic agent module
• Visualization module
Presenter: A.H.M.S.D.B. Wadigamangawa

13. Aims and Objectives …
• Visualizing the network traffic
• Simplifying network forensic analysis
• Integrating an IDS with a network visualization tool so that network forensic analysis is more convenient
• Logging network traffic periodically and on demand
Presenter: A.H.M.S.D.B. Wadigamangawa

14. Methodology …
• When modularizing the project, there are several areas to be highlighted:
• Background study and literature review
• Design overview
• Identifying the technologies to be used
Presenter: K.B. Abeyrathne

15. Design Overview (diagram only; not captured in the transcript)
Presenter: K.B. Abeyrathne

16. Methodology …
• System implementation
  • Implementing the Intrusion Detection System module
    • Packet capturing and analyzing
    • Alert generating
    • Logging network traffic details periodically
  • Implementing the Forensic Agent module
    • Implementing the forensic agent
    • Logging forensic details
  • Implementing the network traffic visualization module
  • Integrating modules and testing the system
Presenter: K.B. Abeyrathne
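The IDS module on this slide (packet capture, alert generation, periodic logging) is what feeds the visualization module, and the alerts an IDS emits are plain text records from which a link view such as the parallel plots of VisFlowConnect (slide 10) can be built. The following is an added example, not code from the CyberViZ project: it parses IDS alerts in Snort's alert_fast text format (an assumption; the proposal does not name its IDS), builds the weighted source-to-destination edge list a link view would draw, flags scan-like fan-out from a single source, and buckets alerts per minute for a timeline. The alert lines, the addresses (RFC 5737 documentation ranges) and the rule SIDs (local-rule range) are constructed for the example.

```python
"""Added example (not the CyberViZ project's code): turn IDS alerts into
the data a link view draws. Assumes Snort's alert_fast text format; the
sample alerts, addresses and SIDs below are constructed for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: seven alerts (RFC 5737 addresses, local-range SIDs)
# plus one junk line that the parser must skip rather than guess at.
SAMPLE_ALERTS = """\
02/27-09:15:01.000100  [**] [1:1000001:1] LOCAL SSH connection to server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51234 -> 198.51.100.5:22
02/27-09:15:02.000200  [**] [1:1000001:1] LOCAL SSH connection to server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51235 -> 198.51.100.6:22
02/27-09:15:03.000300  [**] [1:1000001:1] LOCAL SSH connection to server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51236 -> 198.51.100.7:22
02/27-09:15:04.000400  [**] [1:1000001:1] LOCAL SSH connection to server [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51237 -> 198.51.100.8:22
02/27-09:16:10.000500  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5
02/27-09:16:11.000600  [**] [1:1000003:1] LOCAL web request to admin path [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:40000 -> 198.51.100.5:80
02/27-09:16:12.000700  [**] [1:1000003:1] LOCAL web request to admin path [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:40001 -> 198.51.100.5:80
this line is not an alert and must be skipped
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification, priority, {proto}, src[:port] -> dst[:port].
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # sid and prio are always present; ports are absent for ICMP.
    for key in ("sid", "prio", "sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def parse_alerts(text):
    """Parse every line; lines that do not match are dropped, not guessed."""
    return [a for a in (parse_alert(l) for l in text.splitlines()) if a]


def link_graph(alerts):
    """Edge weights (src, dst) -> alert count: the input to a link view."""
    return Counter((a["src"], a["dst"]) for a in alerts)


def fan_out(alerts, min_targets=3):
    """Sources that alerted against >= min_targets distinct destinations:
    the horizontal-scan shape that stands out on a parallel plot."""
    targets = defaultdict(set)
    for a in alerts:
        targets[a["src"]].add(a["dst"])
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


def alerts_per_minute(alerts):
    """Alert counts per MM/DD-HH:MM bucket, for a timeline view."""
    return Counter(a["ts"][:11] for a in alerts)


def render_links(edges):
    """Plain-text stand-in for the graphical link view, heaviest edge first."""
    width = max((len(s) for s, _ in edges), default=0)
    return "\n".join(
        f"{s:<{width}} -> {d:<15} x{n}"
        for (s, d), n in sorted(edges.items(), key=lambda kv: (-kv[1], kv[0]))
    )


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print(render_links(link_graph(alerts)))
    print("fan-out:", fan_out(alerts))
    print("per minute:", dict(alerts_per_minute(alerts)))
```

Two design points carry over to a real deployment: the parser refuses lines it cannot match instead of partially filling a record, so evidence records never contain guessed fields; and the edge list and fan-out are computed from the alert stream alone, so the same functions can run over the periodic log files the IDS module writes as well as over a live feed.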

17. Conclusion …
• Produces a good, cost-effective solution
• A system administrator can use the live network visualization to trace suspicious network activity or potential attacks against the network
• A network analyst can examine the entire network traffic and discover its characteristics
• Visualizing the network traffic makes network anomalies easier to detect and provides a better way to collect evidence of a cyber crime
Presenter: D.P.H.R. De Silva

18. References …
[1] K. Julisch and M. Dacier, "Mining intrusion detection alarms for actionable knowledge," Proc. of ACM SIGKDD, 2002, pp. 366-375.
[2] Richard Bejtlich, "The Tao of Network Security Monitoring: Beyond Intrusion Detection," Addison Wesley, 2004.
[3] Angela Orebaugh, "Ethereal Packet Sniffing," Syngress Publishing, 2004.
[4] Robert J. Shimonski, Wally Eaton, Umer Khan, Yuri Gordienko, "Sniffer Pro," Syngress, 2002.
[5] Port numbers, http://www.iana.org/assignments/port-numbers
[6] Richard Bejtlich, "Extrusion Detection," Addison Wesley, 2006.
[7] E. Tufte, "The Visual Display of Quantitative Information," 2nd Edition, Graphics Press, May 2001.
[8] S. Krasser, G. Conti, J. Grizzard, J. Gribschaw, H. Owen, "Real-Time and Forensic Network Data Analysis Using Animated and Coordinated Visualization," IEEE Information Assurance Workshop, June 2005.
Presenter: D.P.H.R. De Silva

19. References …
[13] X. Yin, W. Yurcik, M. Treaster, Y. Li, and K. Lakkaraju, "VisFlowConnect: NetFlow Visualizations of Link Relationships for Security Situational Awareness," ACM Workshop on Visualization and Data Mining for Computer Security (VizSec), Washington, D.C., October 2004.
Presenter: D.P.H.R. De Silva

20. Thank You …
