Hands on Case Study: Applying Dynamic Network Analysis to Temporal - - PDF document

▶

Jan 25, 2023 106 likes •260 views

<Your Name> Hands on Case Study: Applying Dynamic Network Analysis to Temporal Netflow Data Geoffrey Dobson gdobson@andrew.cmu.edu June 2020 Center for Computational Analysis of Social and Organizational Systems

SLIDE 1

<Your Name> 1

Center for Computational Analysis of Social and Organizational Systems http://www.casos.cs.cmu.edu/

Hands on Case Study: Applying Dynamic Network Analysis to Temporal Netflow Data

Geoffrey Dobson

gdobson@andrew.cmu.edu June 2020

2 Geoffrey Dobson

Overview

Graduate
Apply for jobs
Land a new job
Get direction from your customer
Do your job (the hands on part)

SLIDE 2

<Your Name> 2

3 Geoffrey Dobson

Graduate

Ph.D.

4 Geoffrey Dobson

Apply for a job

This job sounds perfect!

SLIDE 3

<Your Name> 3

5 Geoffrey Dobson

Land a new job

Source: Rutgers.edu

Company BAE Systems Job Title Senior Researcher, Network Science Workcenter Cyber Situational Awareness Cell Job Description Apply network science techniques and expertise to the Cyber Situational Awareness Cell of a multibillion dollar international corporation

6 Geoffrey Dobson

Get direction from your customer

“We have thousands of computers connected all

ver the world, and we

know all about them…but we don’t know how the network is behaving!!!.....HELP!”

Source: Youtube

SLIDE 4

<Your Name> 4

7 Geoffrey Dobson

Do your job

Source: Temple.edu 8 Geoffrey Dobson

Do your job

Collect Netflow data
Conduct Dynamic Network Analysis
Gain better Cyber Situational Awareness

SLIDE 5

<Your Name> 5

9 Geoffrey Dobson

NETFLOW

FLOW RECORDS

10 Geoffrey Dobson

SiLK

SLIDE 6

<Your Name> 6

11 Geoffrey Dobson

SiLK

12 Geoffrey Dobson

Collect Netflow Data

1. Go Data -> net flow data

SLIDE 7

<Your Name> 7

13 Geoffrey Dobson

Collect Netflow Data

2. Create New Folder on Desktop called “Unzipped”
3. Go to Data drive and right click on each zip file, and extract to Unzipped Folder

14 Geoffrey Dobson

Collect Netflow Data

4. Open Import Wizard and select Table of network links

SLIDE 8

<Your Name> 8

15 Geoffrey Dobson

Collect Netflow Data

5. Name the Meta Network

16 Geoffrey Dobson

Collect Netflow Data

6. Browse to files

SLIDE 9

<Your Name> 9

17 Geoffrey Dobson

Collect Netflow Data

7. Configure input data

18 Geoffrey Dobson

Collect Netflow Data

8. Uncheck “Create a dynamic meta-network..” and Finish

SLIDE 10

<Your Name> 10

19 Geoffrey Dobson

Understand your data

Describe your network data:

– Undirected single mode network – Agent by Agent meta network – Bipartite graph – Flow records per day?

~200,000

– Links per day?

~ 130,000

– Nodes per day?

~ 22,000

20 Geoffrey Dobson

Perform Dynamic Network Analysis

1. Create a dynamic meta-network

SLIDE 11

<Your Name> 11

21 Geoffrey Dobson

Perform Dynamic Network Analysis

2. Fill in Date field

22 Geoffrey Dobson

Perform Dynamic Network Analysis

3. Click Measure Charts

SLIDE 12

<Your Name> 12

23 Geoffrey Dobson

Perform Dynamic Network Analysis

4. Select the Dynamic Meta Network

24 Geoffrey Dobson

Perform Dynamic Network Analysis

5. Select Custom: Density and Network Centralization, Total Degree,

Click Run

SLIDE 13

<Your Name> 13

25 Geoffrey Dobson

Perform Dynamic Network Analysis

6. Add Measure, then view various results

26 Geoffrey Dobson

Perform Dynamic Network Analysis

6. continued

SLIDE 14

<Your Name> 14

27 Geoffrey Dobson

Gain Cyber SA

What could huge increase in Total Degree

Centralization mean?

Malicious

Scanning?

Cyber Attack?
Systems connecting

to external update server?

28 Geoffrey Dobson

More Analysis?

Keep library of known nodes and compare

against?

Other measures that could provide better

SA?

– Weighted density? – In degree centralization on nodes inside the network?

Could identify targeted attacks
Periodicity? Days of the week, etc