CR NI Dec 15, 2017

Network Intell: Enabling the Non-Expert Analysis of Large Volumes of Intercepted Network Traffic

arXiv:1712.05727v21 citations
Originality: Incremental advance
AI Analysis

The paper addresses a problem faced by law enforcement investigators who struggle with complex, encrypted network traffic analysis, though it appears incremental because it builds on existing metadata methods.

The paper tackles the challenge of analyzing large volumes of intercepted network traffic, especially encrypted data, by proposing a novel approach based on network metadata, which significantly reduces analysis duration and provides insights for non-technical investigators.

In criminal investigations, telecommunication wiretaps have become a common technique used by law enforcement. While phone-based wiretapping is well documented and the procedures for its execution are well known, the same cannot be said for Internet taps. Lawfully intercepted network traffic often contains a lot of encrypted traffic, making it increasingly difficult to find useful information inside the captured traffic. The advent of the Internet of Things further complicates the process for non-technical investigators. The current level of complexity of intercepted network traffic is close to a point where data cannot be analysed without the supervision of a digital investigator with advanced network knowledge. Current investigations focus on analysing all traffic in a chronological manner and are predominantly conducted on the data contents of the intercepted traffic. This approach often becomes overly arduous when the amount of data to be analysed becomes very large. In this paper, we propose a novel approach to analyse large amounts of intercepted network traffic based on network metadata. Our approach significantly reduces the duration of the analysis and also produces an insightful view of the analysis results for the non-technical investigator. We also test our approach with a large sample of network traffic data.
