Publication: Master thesis, 2014

Visualization of PRADS Output Data Using Open-source Visualization Tools For Improved Log Analysis

Author: Desta, Dawit Hailu
Open Access, English
Published: 01 Jan 2014
Abstract
The ever-growing complexity of network traffic has brought new threats and vulnerabilities that can affect our day-to-day activities. This has led to a high demand for network monitoring and detection systems to tackle the emerging threats. Consequently, the inspection and assessment of security incidents has become a daily activity for network and system administrators. Network analysts need to be aware of every network activity, the status of the network system and the assets within it. Many tools have been developed to detect and monitor network activities using active and passive scanning mechanisms. This thesis focuses on Pa...
Subjects
free text keywords: PRADS, Visualization, Log, file

Table of contents (as extracted, partial):

2 Background and literature, p. 9
2.1 PRADS, p. 9
2.2 Database, p. 11
2.3 Network Topology Visualization, p. 13
2.4 Data Formats, p. 15
2.5 Network Data Visualization Tools, p. 15
2.5.1 AfterGlow, p. 16
2.5.2 Graphviz, p. 18
2.5.3 Gephi, p. 19
2.5.4 Cytoscape, p. 20
2.5.5 NodeXL, p. 21
2.5.6 Cichlid, p. 22
2.6 Previous Work, p. 23

3 Methodology, p. 25
3.1 System Requirements, p. 26
3.2 Experiment Environment Setup, p. 26
3.3 Visualization Tool Selection, p. 29
3.4 Proposed Visualization Methodology Setup, p. 30
3.4.1 Data Collection, p. 30
3.4.2 Data Normalization, p. 31
3.4.3 Data Visualization, p. 33
3.4.4 Data Presentation, p. 33
3.5 Database Configuration, p. 34
3.6 Alternative Approaches, p. 35
3.7 Implementation, p. 36
3.7.1 Prototype, p. 37
3.7.2 Properties File, p. 40

4 Results, p. 43
4.1 Summary of Open-source Visualization Tools for Security Analysis and Monitoring, p. 43

6 Discussion and Future Work, p. 92
6.1 Evaluating PRADS and the Selected Open-source Visualization Tools, p. 92
6.2 Evaluating the Suggested Visualization Methods, p. 93
6.3 Prototype Evaluation, p. 94
6.4 General Evaluation of the Project, p. 96
6.5 Contribution of the Project, p. 98
6.6 Future Work, p. 99

Figures and tables (as extracted):
2.1 Functioning of afterglow 1.x, p. 18
2.2 Functioning of afterglow 2.0, p. 18
3.1 System Requirements, p. 26
