problem_description.tex 1.35 KB
yorn committed Jul 03, 2014

\begin{titlingpage}

\noindent
\begin{tabular}{@{}p{4cm}l}
\textbf{Title:} & \thetitle \\
\textbf{Student:} & \theauthor \\
\end{tabular}

\vspace{4ex}
\noindent\textbf{Problem description:}
\vspace{2ex}

\noindent
Computers connected to the internet are subject to being infected with different kinds of malware.
Often, an infected computer will try to infect more computers, launch attacks, send spam or produce other malicious traffic.
The general scope of the thesis work is to investigate method(s) to automatically detect such malicious traffic from large datasets (e.g. in the order of hundreds of gigabytes of metadata) by means of anomaly detection.
The specific goal of the thesis work is to investigate different methods to store NetFlow data in a scalable graph structure, and subsequently try different graph processing systems on the NetFlow data to detect malicious traffic.
It is expected that the work will use at least one of the available graph processing frameworks to detect malicious traffic on the network.
NetFlow data is provided by UNINETT and consists of metadata of traffic but not payload (e.g. the fact that two IP addresses exchanged packets, but not their contents).

\vspace{6ex}

\noindent
\begin{tabular}{@{}p{4cm}l}
\textbf{Responsible professor:} & \theprofessor \\
\textbf{Supervisor:} & \thesupervisor \\
\end{tabular}

\end{titlingpage}