Network Traffic Analysis using Deep Packet Inspection and Data Visualization (SHA2017)

  • Published: 6 Sep 2024
  • Eventpad: the Sublime editor for network traffic
    Protecting (critical) infrastructure against advanced malware makes deep packet inspection unavoidable. In our project SpySpot we are developing new tools and techniques that help analysts gain insight into, and reverse engineer, PCAP captures of the kind Wireshark produces. In this talk we present and demo Eventpad, a new data visualization system for studying PCAP traffic by visualizing patterns according to user-defined rules. We illustrate the effectiveness of the system on real-world traffic, including VoIP communication and ransomware activity in file systems.
    #NetworkSecurity #DeviceSecurity
    ArrayX
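The abstract describes the pipeline behind a tool like Eventpad: read a PCAP, decode each packet, label it by user-defined rules, and then look at the resulting label sequences per flow. The following is an added example written for this page; it is not code from the talk or from the SpySpot/Eventpad project. It reads classic pcap bytes (both byte orders, with bounds checks on the record lengths), decodes Ethernet/IPv4/TCP/UDP, applies an ordered rule list where the first match wins, and run-length encodes each flow's labels into a text "pattern". The rules, addresses, ports and the embedded capture are assumptions constructed for the example (a SIP exchange followed by RTP, an SMB session, and one ARP frame that is skipped); a real tool would render the same sequences graphically.

```python
"""Added example (not from the SHA2017 talk or the SpySpot/Eventpad project).

Classic pcap reader + rule-based packet labelling + per-flow run-length patterns.
Rules, addresses, ports and the sample capture are constructed assumptions.
"""
import struct
import socket
from collections import defaultdict

LINKTYPE_ETHERNET = 1


def read_pcap(data):
    """Yield (timestamp, frame) from classic pcap bytes; both byte orders accepted."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl > len(data):          # never trust incl_len from the file blindly
            raise ValueError("truncated packet record")
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl


def decode(frame):
    """Flatten Ethernet/IPv4 + TCP/UDP headers into a dict; None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    ip_end = min(len(frame), 14 + struct.unpack("!H", frame[16:18])[0])  # drop Ethernet padding
    l4 = 14 + ihl
    need = {6: 20, 17: 8}.get(proto)
    if need is None or ip_end < l4 + need:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    if proto == 6:
        flags, payload = frame[l4 + 13], frame[l4 + (frame[l4 + 12] >> 4) * 4:ip_end]
    else:
        flags, payload = 0, frame[l4 + 8:ip_end]
    return {"src": frame[26:30], "dst": frame[30:34], "proto": "tcp" if proto == 6 else "udp",
            "sport": sport, "dport": dport, "flags": flags, "payload": payload}


# User-defined rules, first match wins. Port numbers and the RTP version-byte
# check are assumptions chosen for this example, not a general classifier.
RULES = [
    ("SIP", lambda p: p["proto"] == "udp" and 5060 in (p["sport"], p["dport"])),
    ("RTP", lambda p: p["proto"] == "udp" and p["payload"][:1] == b"\x80"),
    ("SMB", lambda p: p["proto"] == "tcp" and 445 in (p["sport"], p["dport"]) and len(p["payload"]) > 0),
    ("SYN", lambda p: p["proto"] == "tcp" and p["flags"] & 0x12 == 0x02),
]


def flow_key(p):
    """Direction-independent flow name; endpoints sorted by raw address bytes."""
    lo, hi = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
    fmt = lambda e: f"{socket.inet_ntoa(e[0])}:{e[1]}"
    return f"{p['proto']} {fmt(lo)}<->{fmt(hi)}"


def label_packets(data, rules=RULES):
    """Yield (timestamp, flow, label) for every decodable packet in the capture."""
    for ts, frame in read_pcap(data):
        p = decode(frame)
        if p is None:
            continue
        yield ts, flow_key(p), next((name for name, pred in rules if pred(p)), "other")


def flow_patterns(data, rules=RULES):
    """Run-length encode each flow's label sequence, e.g. 'SYN SMBx2'."""
    runs = defaultdict(list)
    for _ts, flow, label in label_packets(data, rules):
        r = runs[flow]
        if r and r[-1][0] == label:
            r[-1][1] += 1
        else:
            r.append([label, 1])
    return {flow: " ".join(f"{lab}x{n}" if n > 1 else lab for lab, n in r) for flow, r in runs.items()}


def _frame(src, dst, proto, sport, dport, payload=b"", tcp_flags=0):
    """Build a minimal Ethernet/IPv4/TCP-or-UDP frame (checksums zero; constructed data)."""
    if proto == "udp":
        l4, pnum = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload, 17
    else:
        l4, pnum = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0) + payload, 6
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, pnum, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 5 + b"\x01" + b"\x02" * 5 + b"\x02" + b"\x08\x00" + ip + l4


def build_pcap(frames, end="<"):
    """Write frames as classic pcap bytes in the given byte order (constructed capture)."""
    out = [struct.pack(end + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack(end + "IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


SAMPLE_FRAMES = [  # constructed: SIP call setup, RTP media, an SMB session, one ARP frame
    _frame("10.0.0.5", "10.0.0.9", "udp", 5060, 5060, b"INVITE sip:bob@10.0.0.9 SIP/2.0\r\n"),
    _frame("10.0.0.9", "10.0.0.5", "udp", 5060, 5060, b"SIP/2.0 200 OK\r\n"),
    _frame("10.0.0.5", "10.0.0.9", "udp", 16384, 16384, b"\x80\x00\x00\x01" + b"\x00" * 12),
    _frame("10.0.0.5", "10.0.0.9", "udp", 16384, 16384, b"\x80\x00\x00\x02" + b"\x00" * 12),
    _frame("10.0.0.5", "10.0.0.9", "udp", 16384, 16384, b"\x80\x00\x00\x03" + b"\x00" * 12),
    _frame("10.0.0.7", "10.0.0.20", "tcp", 50000, 445, tcp_flags=0x02),
    _frame("10.0.0.7", "10.0.0.20", "tcp", 50000, 445, b"\xfeSMB" + b"\x00" * 60, tcp_flags=0x18),
    _frame("10.0.0.7", "10.0.0.20", "tcp", 50000, 445, b"\xfeSMB" + b"\x00" * 60, tcp_flags=0x18),
    b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP: not IPv4, skipped
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    for flow, pattern in flow_patterns(SAMPLE_PCAP).items():
        print(f"{flow:40} {pattern}")
```

Replacing `SAMPLE_PCAP` with the bytes of a real capture file is enough to run this against your own traffic; the rule list is where the analyst's domain knowledge goes, and because the first matching rule wins, specific rules (a port plus a payload check) belong before broad ones. The truncation check in `read_pcap` matters when captures come from untrusted sources: a record whose declared length runs past the file is a malformed file, not a partial packet.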

Comments • 3

  • @_productivity__nill_1131, 5 years ago, +1

    I imagine a larger scale, but do ISPs use techniques like this during DPI? Or is it just company networks?

    • @davidwalker8481, 4 years ago

      Using open source extended Berkeley Packet Filtering (eBPF/BPF), major Tier 1 internet trunk providers can scan at wire speed to "packet parse" or "deep packet scan"; using the "observability" features of BPF they can stop DDoS, packet malformations, garbage traffic, malicious traffic and processes ... So YES, Deep Packet Inspection and BPF can be and are deployed at scale by major telecom providers and Global 100 companies. Many of the topics and functions here are equally relevant for small to medium-size businesses and to present-day global giants. The presented concepts here are congruent across all scales, from a few computers to millions.
      And to answer your second question, YES, unfortunately there are many ISPs and MSPs who do not bother with time-tested open source BPF for packet parsing and deep packet inspection. They do so at their own peril.

  • @Searg17, 4 years ago

    Is the software available for download anywhere?