NTPAC - Network Traffic Packet Analysing Cluster
Result identifiers
Result code in IS VaVaI
RIV/00216305:26230/18:PR32028 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F18%3APR32028)
Result on the web
https://github.com/nesfit/NTPAC
DOI - Digital Object Identifier
—
Alternative languages
Result language
English
Title in the original language
NTPAC - Network Traffic Packet Analysing Cluster
Description of the result in the original language
The NTPAC tool is intended for distributed processing of captured computer network communication. Typical network forensic analysis of captured communication on a single machine is very resource demanding and works only up to a certain limit even on a very powerful machine; we address this with a distributed computation that scales horizontally. NTPAC processes data in the form of PCAP files containing captured network communication, or it can intercept data directly on the wire. Each processed packet is routed to a particular worker node, which collects all packets belonging to a given conversation and performs defragmentation and reassembly, the necessary preprocessing operations. Data are stored in a distributed Cassandra database. The actual extraction of application protocols takes place subsequently, after the data are stored in the database. This allows finer-grained resource utilization and emphasizes the paramount role of complete capture and preprocessing, so that no packet is lost. We distinguish two types of application protocols: text-based and binary. Text-based protocols are processed by handwritten application protocol parsers built on our stream interface, which serves preprocessed, reconstructed data. Binary protocols are processed by parsers generated automatically with the Kaitai tool. The combination of these approaches makes the NTPAC tool easy to extend.
Title in English
NTPAC - Network Traffic Packet Analysing Cluster
Classification
Type
R - Software
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
VI20172020062: Integrated platform for processing digital data from security incidents (TARZAN) (/cs/project/VI20172020062)
Linkages
P - Research and development project financed from public sources (with a link to CEP)
Other
Year of application
2018
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Internal product identification code
NTPAC
Technical parameters
For details of the licensing conditions, contact: Ing. Vladimír Pavelka, Technology Transfer Office, Brno University of Technology, Božetěchova 2, 612 66 Brno, 541 141 499
Economic parameters
For details of the licensing conditions, contact: Ing. Vladimír Pavelka, Technology Transfer Office, Brno University of Technology, Božetěchova 2, 612 66 Brno, 541 141 499
Owner's company ID (IČO)
—
Owner name
Faculty of Information Technology