Characterizing Packet Linearity
• Video
Publisher
Software Engineering Institute
Topic or Tag
Watch
Abstract
Determining a network baseline is an important metric for achieving situational awareness on an enterprise network, yet this task is often left undone. Further, defense organizations need to differentiate normal network traffic patterns in support of comprehensive cyberspace operations but lack a pre-operational baseline for comparison. A properly established baseline requires the collection of network packet capture and performance metrics, optimally prior to network deployment. Compounding the issue, the volume and voracity of network traffic requiring analysis is increasing, making the application of Deep Packet Inspection (DPI) technologies more infeasible. Using features of network flow metadata, we propose a method for producing a generalizable baseline to support operational analysis on established networks. We first decompose network traffic into a feature space based on predictive importance. We can observe these collected features and identify patterns over time to enable anomaly detection. Using linear regression, we attempt network packet classification as the first step in a hierarchical approach to be expanded and tested as part of future work.
Subscribe
Part of a Collection
FloCon 2021 Presentations and courses
This content was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.