Tranalyzer: Versatile high performance network traffic analyser
| Field | Value |
|---|---|
| Authors | Benoit Dupasquier, Stefan Burschka |
| Year of publication | 2016 |
| Subjects | Operations research; computer science; other engineering and technologies; covert channel; networking & telecommunications; cryptography; engineering and technology; troubleshooting; computer software; computer security; encryption; obfuscation (software); electrical, electronic and information engineering; deep content inspection; malware; crimeware |
| Source | SSCI |
| Abstract | IP-based networks are prone to hardware failures, software errors and misconfigurations. These lead to service outages, such as the one experienced by American Airlines in 2015. Moreover, cyber threats are becoming ever more sophisticated. As demonstrated by recent successful malware campaigns, such as the crimeware BlackEnergy, current defence solutions are insufficient to detect such anomalies and threats. Indeed, the widespread use of cryptography and obfuscation techniques limits the effectiveness of standard solutions that rely on content inspection. Although statistics-based approaches can deal with some of these limitations, threats such as data exfiltration and covert channels remain challenging to detect. This paper presents Tranalyzer, a flow-based traffic analyser built on a flexible plugin-based architecture that allows efficient processing and analysis of network traffic. The program is presented through a series of real-life scenarios dealing with traffic mining and troubleshooting, and gives the analyst a methodology for tackling such challenges even when encryption or obfuscation techniques are in use. |
| Database | OpenAIRE |
| External link | |
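The abstract's core idea, that flow-level statistics survive encryption because they are computed from packet headers, sizes and timing rather than payload, is illustrated by the following added example. This is editor-written code, not Tranalyzer's own, and it is not the methodology of the paper: it keys packets into bidirectional flows by their 5-tuple, computes per-flow features through small pluggable functions (a toy stand-in for the plugin architecture the abstract mentions), and applies one constructed heuristic, `asymmetric_upload`, that flags flows where the initiator sends far more bytes than it receives. All packet records, addresses, thresholds and function names are constructed for the example.

```python
"""Toy flow aggregator with pluggable per-flow features.

Added example, not Tranalyzer code. Every packet record below is
constructed by hand; addresses, ports and thresholds are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# A packet header summary: no payload is needed for any feature below,
# which is why these features still work on TLS or obfuscated traffic.
@dataclass
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int

@dataclass
class Flow:
    key: Tuple
    initiator: Tuple[str, int]           # endpoint that sent the first packet
    packets: List[Packet] = field(default_factory=list)

def flow_key(p: Packet) -> Tuple:
    """Direction-independent key: both packet directions map to one flow."""
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, ends[0], ends[1])

def aggregate(packets: List[Packet]) -> Dict[Tuple, Flow]:
    """Group packets into flows, processing them in timestamp order."""
    flows: Dict[Tuple, Flow] = {}
    for p in sorted(packets, key=lambda q: q.ts):
        k = flow_key(p)
        if k not in flows:
            flows[k] = Flow(key=k, initiator=(p.src, p.sport))
        flows[k].packets.append(p)
    return flows

# Feature "plugins": each registers a function computing one flow feature.
FEATURES: Dict[str, Callable[[Flow], float]] = {}

def feature(name: str):
    def register(fn):
        FEATURES[name] = fn
        return fn
    return register

@feature("num_pkts")
def num_pkts(f: Flow) -> int:
    return len(f.packets)

@feature("duration")
def duration(f: Flow) -> float:
    return f.packets[-1].ts - f.packets[0].ts

@feature("bytes_out")
def bytes_out(f: Flow) -> int:
    return sum(p.length for p in f.packets if (p.src, p.sport) == f.initiator)

@feature("bytes_in")
def bytes_in(f: Flow) -> int:
    return sum(p.length for p in f.packets if (p.src, p.sport) != f.initiator)

@feature("mean_pkt_len")
def mean_pkt_len(f: Flow) -> float:
    return sum(p.length for p in f.packets) / len(f.packets)

def flow_features(flows: Dict[Tuple, Flow]) -> Dict[Tuple, Dict[str, float]]:
    """Run every registered feature plugin over every flow."""
    return {k: {name: fn(f) for name, fn in FEATURES.items()} for k, f in flows.items()}

def asymmetric_upload(feats, ratio: float = 10.0, min_bytes: int = 10000) -> List[Tuple]:
    """Constructed heuristic: initiator pushes far more than it receives.
    Thresholds are illustrative, not tuned values from the paper."""
    return [k for k, v in feats.items()
            if v["bytes_out"] >= min_bytes and v["bytes_out"] > ratio * max(v["bytes_in"], 1)]

def _pkts(ts0, a, b, proto, sizes, step=0.1):
    """Helper to build a run of same-direction packets spaced `step` apart."""
    return [Packet(ts0 + i * step, a[0], a[1], b[0], b[1], proto, s) for i, s in enumerate(sizes)]

CLIENT, WEB, DROP, DNS = ("10.0.0.5", 51000), ("93.184.216.34", 443), ("203.0.113.7", 443), ("10.0.0.1", 53)
CLIENT2, RESOLVER = ("10.0.0.5", 51001), ("10.0.0.5", 53012)

# Constructed sample traffic: an ordinary TLS fetch, a DNS lookup, and a bulk upload.
SAMPLE_PACKETS: List[Packet] = (
    [Packet(0.00, *CLIENT, *WEB, "tcp", 517), Packet(0.05, *WEB, *CLIENT, "tcp", 1400),
     Packet(0.06, *WEB, *CLIENT, "tcp", 1400), Packet(0.10, *CLIENT, *WEB, "tcp", 300),
     Packet(0.30, *WEB, *CLIENT, "tcp", 1400), Packet(0.31, *WEB, *CLIENT, "tcp", 900)]
    + [Packet(0.50, *RESOLVER, *DNS, "udp", 72), Packet(0.52, *DNS, *RESOLVER, "udp", 120)]
    + [Packet(1.00, *CLIENT2, *DROP, "tcp", 517), Packet(1.05, *DROP, *CLIENT2, "tcp", 200)]
    + _pkts(1.10, CLIENT2, DROP, "tcp", [1460] * 10)
    + [Packet(1.50, *DROP, *CLIENT2, "tcp", 66), Packet(2.10, *DROP, *CLIENT2, "tcp", 66)]
)

if __name__ == "__main__":
    feats = flow_features(aggregate(SAMPLE_PACKETS))
    for k, v in feats.items():
        print(k, {n: round(x, 2) for n, x in v.items()})
    print("asymmetric upload flows:", asymmetric_upload(feats))
```

Adding a feature is a matter of registering one more function, which is the property that makes a plugin-style analyser easy to extend for a new scenario without touching the flow aggregation itself.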