Master Thesis MSTR-2020-68

71 pages, english.

Nowadays, network security has become an essential task due to the need of network computer equipment to be able to carry out tasks in many areas of business and in personal life. That is the reason why looking for new ways to monitor and control the data that passes through the network is becoming a necessary effort to guarantee the safety of users. The network monitoring process is often carried out with network flows, which show the characteristics of data transmission on the network, and host-based events, which include system logs and information about processes being started and terminated, the registry or files being accessed, etc. The analysis of both separately is very common among security analysts, however, the correlation of both is a task that is not currently performed, and that could reveal new ways to facilitate the analysis of the network and help to detect and evaluate unusual behaviors The analysis of the network is realized through visualizations, since humans are good in recognizing patterns which are difficult to detect automatically. The visualizations allow a detailed and in-depth analysis of the data, facilitating the detection of patterns and unusual behavior of the network. Therefore, the main objective of the thesis is to develop a visualization system that allows for correlating host-based events that occur with the network flows. This work does not seek to solve a specific problem, but it is more of an exploratory nature, seeking means of visually correlating network flows and host-based data and evaluate their utility. Potential areas where such a correlation can improve on the state of the art are detecting the processes that cause suspicious activities, such as a sudden increase in the transmission of information, as well as to create application profiles.

Department(s)University of Stuttgart, Institute of Visualisation and Interactive Systems, Visualisation and Interactive Systems
Superviser(s)Ertl, Prof. Thomas; Becker, Franziska; Müller, Christoph
Entry dateApril 22, 2021
