CENG SP-FORM1

ÇANKAYA UNIVERSITY
Computer Engineering Department
CENG 407–408 Senior Project (Innovative System Design and Development) Proposal Form

This form should be used for all CENG 407 – 408 Senior Project Proposals. A topic can be jointly proposed by student, faculty and/or company, signed by at least one of the partners.

Part I. Project Proposer

Names (supervisor, company, student) and organizations: Alptugay DEĞİRMENCİOĞLU, LABRIS NETWORKS
Mobile: 5074973233
E-Mail: [email protected]
Signature:

Part II. Project Information, to be completed by the proposer (Faculty, Student and/or Company)

Starting Term: 2015 / 2016 ▢ Fall ▢ Spring
Title: Security Log Visualization software

Description (extra sheets can be added)

Security appliances like firewalls produce large volumes of network access logs, running to millions of lines. It is very hard to inspect these logs and recognize the black sheep (attacker) in them. Big data and security intelligence are two very important topics in security. This vast amount of data gets increasingly hard to understand. Terms like MapReduce, Hadoop, Spark, Elasticsearch, data science, etc. are part of many discussions. Data visualization is the only approach that scales to the ever-changing threat landscape and infrastructure configurations. Using big data visualization techniques, you uncover hidden patterns of data, identify emerging vulnerabilities and attacks, and respond decisively with countermeasures that are far more likely to succeed than conventional methods.

On the other hand, visualization techniques are widely used in areas such as marketing and presentations. For example, giving a graph instead of a table is becoming more important for getting the attention of the user or customer. To make this visualization possible, the data must pass through certain stages. With this application, users may want to keep their transactions in the Internet environment simple, visual and under control.
The main objective is to enable immediate intervention or reporting at regular intervals. Also, security visualization is on the increase and gives a broad horizon to security researchers, product developers and customers. This project is a more detailed. Security auditing is configured to save operating system activity to the log. The Local Security Authority Subsystem Service writes events to the log. The Security Log is one of the primary tools used by Administrators to detect and investigate attempted and successful unauthorized activity and to troubleshoot problems. To detect and prevent rogue systems and unauthorized transactions under the application control policy, applications running on the system and user activities are recorded in the log and shown on the map. The reason for designing the interface to show threats and cyber-attacks against the user's transactions is to keep a record at regular time intervals.

Version: July 2015

All these are provided by the operating system as a firewall application. In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls are software appliances running on general-purpose hardware, or hardware-based firewall computer appliances, that filter traffic between two or more networks. Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single machine.
Routers that pass data between networks contain firewall components and can often perform basic routing functions as well. Firewall appliances may also offer other functionality to the internal network they protect, such as acting as a DHCP or VPN server for that network. As the network environment is used effectively in operation.

In conclusion, this project aims to develop security visualization software which processes single or multiple firewall logs, analyzes the logs, extracts valuable information and creates meaningful visualizations in geo maps and other forms in a web GUI.

Similar Products/Projects:
Secviz applications: http://map.ipviking.com/ , http://www.digitalattackmap.com
Dataviz samples: http://selection.datavisualization.ch/ , http://www.secviz.org

Justification

Novelty

The current applications are for multi-to-multi visibility of networks, that is, traffic coming from multiple sources destined to multiple destinations. This project aims to develop and release software for a single enterprise, providing visualization of traffic coming from multiple sources into a single destination. This visualization should include correlated security information, not just packet and byte counters. For example, it should:
1- give a differentiated view of allowed and denied traffic
2- give former connections with remote peers
3- give an aggregated view of denied connections

The software should accept pluggable log types. For example, it will be able to load a new plugin which includes a new log type definition and log security metadata, and give visualized reports.

Complexity

Opening a port through the firewall for a specific program allows it to send or receive information from your computer; this is like punching a hole in the firewall. Each time a port is opened, or a program is allowed to communicate through the firewall, computer security is reduced.
The more allowed programs or open ports there are, the more openings hackers or malicious software can use to spread a worm, access your files, or use your computer to spread malicious software to others. If you open a port, it remains open until it is deactivated, whether or not a program is using it. Without regular data flow and reporting, it will be difficult to keep the situation under control, and the system may be exposed to attacks by malicious software.

Constraints (economics, sustainability, environment, ethics, security, health, social and political issues)

PostgreSQL will be used as the data source. Python, JavaScript or other languages will be used for development. Flask, or any other web development framework of the team's choice, might be used.

Risks involved

In the data flow, big data can lead to network congestion while trying to reach the desired. Malware can benefit from congestion on the network and then attempt unauthorized access. If security events are not reported properly and the tracks left behind (IP information, location etc.) cannot be followed easily, the system will be exposed to cyber-attacks without being able to intervene. Another risk is the establishment of a fake IP connection. The system is required to catch vulnerabilities. Otherwise, it would be unilateral and the data flow unauthorized.
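
The three views listed under Novelty (allowed versus denied traffic, former connections with remote peers, aggregated denied connections) and the pluggable log types can be implemented along the following lines. This is an added example, not code from the proposal or from the proposing company; the plugin registry, both log formats and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

PLUGINS = {}  # hypothetical registry: log type name -> parse function

def log_plugin(name, deny_words, pattern):
    """Register a log type: regex with groups ts/src/dport/action + deny keywords."""
    rx = re.compile(pattern)
    def parse(line):
        m = rx.search(line)
        if m is None:
            return None
        ev = m.groupdict()
        ev["denied"] = ev.pop("action").lower() in deny_words  # security metadata
        ev["dport"] = int(ev["dport"])
        return ev
    PLUGINS[name] = parse

log_plugin("kernel_style", {"drop", "reject"},
           r"^(?P<ts>\S+) \S+ kernel: (?P<action>\w+) .*SRC=(?P<src>\S+) .*DPT=(?P<dport>\d+)")
log_plugin("csv_style", {"deny"},
           r"^(?P<ts>[^,]+),(?P<src>[^,]+),(?P<dport>\d+),(?P<action>\w+)$")

def summarize(events):
    split = defaultdict(Counter)  # view 1: src -> allowed/denied counts
    peers = {}                    # view 2: src -> (first_seen, last_seen)
    denied = Counter()            # view 3: (src, dport) -> denied count
    skipped = 0                   # unparseable lines are counted, not hidden
    for log_type, line in events:
        ev = PLUGINS[log_type](line)
        if ev is None:
            skipped += 1
            continue
        src, ts = ev["src"], ev["ts"]
        split[src]["denied" if ev["denied"] else "allowed"] += 1
        first, last = peers.get(src, (ts, ts))
        peers[src] = (min(first, ts), max(last, ts))  # ISO-8601 UTC sorts as text
        if ev["denied"]:
            denied[(src, ev["dport"])] += 1
    return split, peers, denied, skipped

SAMPLE = [  # constructed formats and lines, documentation address ranges only
    ("kernel_style", "2015-10-01T08:00:01Z fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 SPT=40000 DPT=22"),
    ("kernel_style", "2015-10-01T08:00:05Z fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 SPT=40001 DPT=22"),
    ("kernel_style", "2015-10-01T08:01:00Z fw kernel: ACCEPT IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 SPT=51000 DPT=443"),
    ("kernel_style", "garbage line"),
    ("csv_style", "2015-10-01T09:30:00Z,203.0.113.7,443,allow"),
    ("csv_style", "2015-10-01T09:31:00Z,198.51.100.9,3389,deny"),
]
```

Each of the three returned structures maps directly onto a table in the PostgreSQL data source, and the per-source records are what a geo map layer would join against an IP location lookup.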