Network Traffic Analysis using Deep Packet Inspection and Data Visualization: Eventpad: the Sublime editor for network traffic

Presented at Still Hacking Anyway (SHA2017), Aug. 6, 2017, 10:40 p.m. (30 minutes)

For the protection of (critical) infrastructures against complex virus attacks, deep packet inspection is unavoidable. In our project SpySpot we are developing new tools and techniques to assist analysts in gaining insight into and reverse engineering Wireshark PCAP files. In this talk we present and demo a new data visualization system, Eventpad, for studying PCAP traffic by visualizing patterns according to user-defined rules. We illustrate the effectiveness of the system on real-world traffic, including VoIP communication and ransomware activity in file systems.

#NetworkSecurity #DeviceSecurity

The difference between expected and actual behavior in network traffic is nearly impossible to prevent. In order to discover and understand potential bottlenecks in network environments, we propose a visual analytics approach to the analysis of PCAP traffic. Discovery of computer viruses or suboptimal resource usage in the traffic, for instance, can assist analysts in debugging and optimizing their system. In this research we study how visualization of PCAP communication can help domain experts understand whether their system operates as desired.

Presenters:

  • ArrayX
    I am a PhD student at Eindhoven University of Technology in the area of data visualization. In our project SpySpot we develop new tools to reverse engineer and analyse Wireshark PCAP traffic. The goal of this project is to discover zero-day vulnerabilities and anomalous behavior using visualization and machine learning techniques.
