(R T) PAC

Team Members:

Brendan Carell

Tim Thornton

(Real Time) Packet Analysis and Capture

Background

libpcap

  • C/C++ packet capture library
  • developed by the tcpdump group
  • will be used from a C/C++ application

network entropy

Statistics

  • most used ports
  • most active ip addresses
  • average packet size
  • average traffic amounts

network anomalies

  • normalize entropy
  • look for packets at least n standard deviations from normal
  • Shannon entropy
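
The anomaly method outlined above (Shannon entropy of a per-window flow feature, normalized, then flagged when it lies at least n standard deviations from a baseline), as an added Python example that is not part of the project's C/C++ code; the 8-packet destination-port windows and the 3-sigma threshold are constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def normalized_entropy(values):
    """Entropy scaled to [0, 1] by dividing by log2(N), the largest entropy
    a window of N packets can have (every packet to a different port), so
    windows of different sizes are comparable."""
    n = len(values)
    if n <= 1:
        return 0.0
    return shannon_entropy(values) / math.log2(n)


def entropy_anomalies(windows, baseline_windows, n_sigma):
    """Flag windows whose normalized entropy is at least `n_sigma` standard
    deviations from the baseline mean. Returns a list of (index, H, z)."""
    baseline = [normalized_entropy(w) for w in baseline_windows]
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0.0:
        raise ValueError("baseline has zero variance; collect more windows")
    flagged = []
    for i, w in enumerate(windows):
        h = normalized_entropy(w)
        z = (h - mu) / sigma
        if abs(z) >= n_sigma:
            flagged.append((i, h, z))
    return flagged


# Constructed sample data: destination ports of 8-packet windows seen during
# normal operation (baseline) and three windows under test.
BASELINE = [
    [80, 80, 443, 443, 80, 53, 22, 80],
    [80, 443, 443, 80, 80, 443, 53, 80],
    [80, 80, 80, 443, 443, 53, 22, 25],
    [443, 443, 80, 80, 443, 80, 22, 80],
    [80, 53, 443, 80, 443, 80, 80, 53],
]
TEST_WINDOWS = [
    [80] * 8,                            # everything to one port: entropy collapses
    [21, 22, 23, 25, 53, 80, 110, 443],  # every packet to a different port
    [80, 80, 443, 80, 53, 443, 80, 22],  # ordinary mix, should not be flagged
]

if __name__ == "__main__":
    for i, h, z in entropy_anomalies(TEST_WINDOWS, BASELINE, n_sigma=3):
        print(f"window {i}: H_norm={h:.3f} z={z:+.2f}")
```

The sign of z tells the two cases apart: a collapse toward one port scores far below the baseline, a spread across many ports far above it.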

Goal and Expected Result

Primary

Secondary

  • Capture of packets in real time
  • Analysis and report of packet statistics for network administration
  • Calculation of global and local entropy
  • Usage of entropy comparison for anomalous network detection

Execution Plan

Packet Capture Subgoals

  1. Capture and storage of packets in real time from interface
  2. Analysis and report of packet flow information
  3. Calculation of entropy of total flow information
  4. Report

Dates

Wed 12, Nov

Wed 19, Nov

Mon 24, Nov

~ Sun 7, Dec

Execution Plan

(Extended Goals)

Anomaly Detection Subgoals

  1. Calculation of relative entropy window
  2. Detection of anomalous network flow based on entropy comparison

Wed 3, Dec

Wed 3, Dec

Fin.

By bscarell