Using relational graphs for exploratory analysis of network traffic data

The human brain is designed to perceive the surrounding world as associations. These associations between the individual pieces of information allow us to analyze and categorize new inputs and thus understand them. However, the support for association-based analysis in traditional network analysis tools is only limited or not present at all. These tools are mostly based on manual browsing, filtering, and aggregation, with only basic support for statistical analyses and visualizations for communicating the general characteristics. Yet, it is the relationship diagram that could allow the analysts to get a broader context and reveal the associations hidden in the data. In this paper, we explore the possibilities of relational analysis as a novel paradigm for network forensics. We provide a set of user requirements based on the discussion with domain experts and introduce a novel visual analysis tool utilizing multimodal graphs for modeling relationships between entities from captured packet traces. Finally, we demonstrate the relational analysis process on two use cases and discuss feedback from domain experts. (c) 2023 The Author(s). Published by Elsevier Ltd on behalf of DFRWS All rights reserved. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).