Date of Award

2018

Degree Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Computer Science and Statistics

First Advisor

Lisa DiPippo

Abstract

As long as the Internet users and the dependency of human on IT are evolving, the detailed inspection of NetFlow data will be useful, especially for the detection of cyber anomalies and outbreaks. To date, numerous researchers have examined NetFlow with respect to numerical fields including, for example, Packets, IPs, Bytes, and Bandwidth consumption. But only a handful of projects have paid attention to the analysis of NetFlow activity using categorical fields including Internet application and computer location, especially concerning a particular academic institution.

The primary focus of this project is on the development of a tool for analyzing NetFlow activity at the University of Rhode Island (URI) computer network. This tool helps to monitor the NetFlow activity over time stratified first by the Primary and then by the Secondary fields selected by the user. NetFlow activity is evaluated and visualized with; frequency of traffic flow – if user only selects filter option ‘Primary Log Field’, and relative frequency of traffic flow – after selecting Field value of interest from ‘Primary Log Field’ if user continues and select filter option ‘Secondary Log Field’. Automatically, the drill-down of data through those log fields along timestamp of interest will trigger the generation of an advanced log table grid view.

Additionally, the proposed tool takes advantage of the network theory and provides visualization of the bipartite graph representation of NetFlow data subset with selected fields and time period with pre-specified sets of node degrees. This representation helps to monitor and characterize communication behavior of individual nodes in the selected time period.

Overall, the tool created for this project can be regarded as the first step in the development of the comprehensive cyber security system for monitoring and analysis of the URI NetFlow activity.

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.