Seminar: Using Deep Packet Inspection for Monitoring and Security: nDPI in Practice

Who: Luca Deri (ntop,
When: Thursday, 24th February, 2:30 – 3:30 PM
Where: on Google Meet:


The pervasive use of encrypted protocols and new communication paradigms based on mobile and home IoT devices has made traffic analysis techniques that relied on clear-text analysis obsolete. DPI (Deep Packet Inspection) is a key component for providing visibility into network traffic. Security and monitoring applications rely on DPI because they need to classify traffic in order to identify application protocols, misuses, similarities, as well as communication patterns not easily identifiable by hand or with inefficient tools (often written in languages such as Python and R) unable to cope with 10 Gbit+ network speeds.

nDPI is an open-source toolkit designed to detect application protocols on both plain and encrypted traffic. It can extract relevant metadata, including metrics on encrypted traffic for easy classification and accounting, and it features various algorithms and techniques that dramatically simplify traffic analysis and that should ease the creation of applications able to efficiently spot traffic patterns and anomalies. This talk will introduce nDPI, discuss how a popular open-source project is managed, and show how it can be used in real life to analyse traffic for cybersecurity.


Luca Deri is the leader of the ntop project, aimed at developing an open-source monitoring platform for high-speed cybersecurity-oriented traffic analysis. He worked at the University College of London and IBM Research, prior to receiving his PhD at the University of Berne with a thesis about software components for traffic monitoring applications. Well known in the open-source and Linux community, he currently shares his time between the ntop project and the University of Pisa where he has been appointed as a lecturer at the CS department.

