Asynchronous Record Alignment of Network Flows for Incident Detection and Reconstruction
DOI: https://doi.org/10.34190/eccws.23.1.2254
Keywords: Cybersecurity, networks, flow, incident, detection
Abstract
In today's interconnected digital landscape, the distribution of cyber threats presents a significant challenge to cyber security. Moreover, as of 2016, the amount of data in the world exceeds one zettabyte. Because of this, evidence-based network flow analytics is a critical component of modern network management and security. Problems such as anomalies in the network flow, cyber security incidents, alert generation, data pre-processing, network monitoring, network flow complexity, and data flow patterns become difficult to detect in massive network data flows. These specific problems can be addressed using packet capture (PCAP). PCAP analysis is a standard network forensics process for assessing network behaviour and identifying anomalies. This work presents a method for analysing network flows for the probable alignment of asynchronously recorded communications in heterogeneous networks. Using the proposed alignment method, we can identify the relevant recordings aligned across two data streams for faster and more conclusive incident analysis. We use synthetic network incident scenarios for the research experiments, detailing the generation of cyber event data and its impact on cloud network traffic, followed by in-depth PCAP analysis. The automated cyber-attacks are simulated within a network infrastructure that generates network flows in PCAP format. The simulated cyber-attacks range from standard port scans and service scans to specific scenarios such as SQL injection, phishing, DoS or DDoS. We define analysis objectives and criteria for the in-depth PCAP analysis and alignment. The evidence gathered provides valuable information about network data flow and its behaviour.
License
Copyright (c) 2024 European Conference on Cyber Warfare and Security
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.