Effective Programmatic Analysis of Network Flow Data for Security and Visualization using Higher-order Statistics and Domain Specific Embedded Languages

Bibliographic Details
Main Author: Conley, Thomas A.
Language:English
Published: Ohio University / OhioLINK 2012
Subjects: Computer Science; Engineering; Information Science; Information Systems; Information Technology; Statistics; NetFlow; Domain Specific Embedded Language; Entropy
Online Access:http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1336482912
Abstract
The widespread availability of information on networks today, coupled with the potential for exploitation by malicious software, demands constant vigilance by network engineers responsible for information security. Even a moderately sized computer network produces a flow of information that is impossible for a human to watch carefully and understand without tools capable of automatic summation and analysis.

This thesis presents research and engineering that demonstrates the usefulness of network traffic data and presents effective statistical methods and practical mechanisms for analyzing massive amounts of this information for intrusion detection, network forensics, problem alerting and systems monitoring.

We explore how a simple set of network traffic features can be analyzed and used for characterizing behavior on the network. We suggest that statistical measurements, entropy and other higher-order calculations are effective in determining network status or for detecting anomalies. Communication patterns in NetFlow data are summarized for further automatic analysis or for visual interpretation by information security analysts. We examine the potential for identifying overlying networks, such as botnet command and control systems, within a larger complex network of communication. We suggest ways of automating or assisting the manual processes for traffic analysis currently in place at Ohio University through the development of simple tools.

Date: 2012-07-20
Format: text
Access: unrestricted
Rights: This thesis or dissertation is protected by copyright: all rights reserved. It may not be copied or redistributed beyond the terms of applicable copyright laws.
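As an added illustration of the entropy-based approach the abstract describes (this is not code from the thesis or from the Ohio University tooling it mentions), the following Python computes the Shannon entropy of the source-address, destination-address and destination-port distributions in each time window of a small, hand-constructed set of flow records, and flags windows whose entropy departs from a baseline. The window length, the feature set, the baseline selection and the thresholds are all assumptions chosen for the example.

```python
"""Per-window Shannon entropy of NetFlow feature distributions with a
baseline comparison that flags anomalous windows.

Added example; not code from the thesis. The flow records are constructed
by hand (a subset of the fields an nfdump/SiLK export would carry), and the
window size, features and thresholds are assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from math import log2
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    window: int      # time bucket (e.g. a 5-minute bin) the flow started in
    src_ip: str
    dst_ip: str
    dst_port: int
    octets: int


# Constructed sample: four ordinary windows (0-3), then window 4 in which a
# single host sweeps many ports on one target (a vertical port scan).
SAMPLE_FLOWS = [
    Flow(0, "10.0.0.1", "192.0.2.10", 80, 1200), Flow(0, "10.0.0.1", "192.0.2.10", 443, 2400),
    Flow(0, "10.0.0.2", "192.0.2.10", 80, 900),  Flow(0, "10.0.0.3", "192.0.2.20", 53, 120),
    Flow(1, "10.0.0.1", "192.0.2.10", 443, 1800), Flow(1, "10.0.0.2", "192.0.2.10", 80, 700),
    Flow(1, "10.0.0.2", "192.0.2.20", 53, 130),  Flow(1, "10.0.0.3", "192.0.2.10", 80, 950),
    Flow(2, "10.0.0.1", "192.0.2.10", 80, 1100), Flow(2, "10.0.0.2", "192.0.2.10", 80, 640),
    Flow(2, "10.0.0.3", "192.0.2.10", 443, 2100), Flow(2, "10.0.0.4", "192.0.2.20", 53, 110),
    Flow(3, "10.0.0.1", "192.0.2.20", 53, 125),  Flow(3, "10.0.0.2", "192.0.2.10", 80, 800),
    Flow(3, "10.0.0.3", "192.0.2.10", 443, 1900), Flow(3, "10.0.0.3", "192.0.2.10", 443, 2050),
] + [Flow(4, "10.0.0.9", "192.0.2.10", p, 60) for p in (21, 22, 23, 25, 80, 110, 143, 443)]

FEATURES = ("src_ip", "dst_ip", "dst_port")


def shannon_entropy(counts):
    """Entropy in bits of an empirical distribution given as value -> count."""
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values() if c)


def window_entropies(flows, features=FEATURES):
    """Return {window: {feature: H}} for the per-window distribution of each feature."""
    buckets = defaultdict(lambda: {f: Counter() for f in features})
    for fl in flows:
        for f in features:
            buckets[fl.window][f][getattr(fl, f)] += 1
    return {w: {f: shannon_entropy(c) for f, c in feats.items()}
            for w, feats in sorted(buckets.items())}


def flag_anomalies(entropies, baseline_windows, k=3.0, min_delta=0.5):
    """Flag (window, feature, delta) for non-baseline windows whose entropy
    departs from the baseline mean by more than k standard deviations.
    A floor of min_delta bits (assumed value) stops a perfectly stable
    baseline, whose standard deviation is zero, from alerting on noise."""
    baseline = set(baseline_windows)
    flagged = []
    for f in FEATURES:
        base = [entropies[w][f] for w in baseline]
        mu, sigma = mean(base), pstdev(base)
        for w, feats in entropies.items():
            if w in baseline:
                continue
            delta = feats[f] - mu
            if abs(delta) > max(k * sigma, min_delta):
                flagged.append((w, f, round(delta, 3)))
    return flagged


if __name__ == "__main__":
    ent = window_entropies(SAMPLE_FLOWS)
    for w, feats in ent.items():
        print(w, {f: round(h, 3) for f, h in feats.items()})
    for w, f, delta in flag_anomalies(ent, baseline_windows=range(4)):
        print(f"window {w}: {f} entropy shifted by {delta:+.3f} bits from baseline")
```

The scan window shows the signature a practitioner looks for: source-address entropy collapses to zero while destination-port entropy jumps, because one host is talking to many ports. A volumetric attack from many sources against one service shows the opposite pattern (source entropy up, destination entropy down), which is why several features are tracked together rather than any single one.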