At the beginning of July, the SECRYPT 2021 conference took place, which we were pleased to attend. We revealed there our current research on network traffic analysis using a graph database and discussed our future plans. SECRYPT is an annual international conference covering research in information and communication security. The 18th International Conference on Security and Cryptography (SECRYPT 2021) has submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. The conference also included research papers describing the application of security technology, systems implementation, advanced prototypes, and lessons learned.
Milan Cermak from Masaryk University presented the paper GRANEF: Utilization of a Graph Database for Network Forensics. This article described the new network traffic analysis toolkit that eases understanding the information in captured network traffic, extraction of the necessary data, and incident investigations. To allow this, we store network events in a graph database as associations. This approach follows the typical way of human thinking and perception of the characteristics of the surrounding world. The main advantage is the connection of exploratory analysis of network traffic data with results visualization allowing analysts to easily go through the acquired knowledge and visually identify interesting network traffic.
If you are interested in this topic, check the paper or the attached poster. You can also check out the short presentation where we summarized the paper and our results.