Big Marketing Situation Awareness

Big Marketing is an international marketing company employing a large staff of marketing executives who create and manage advertising and public relations campaigns for clients. Big Marketing has an internet research staff that stays current on the latest business, consumer and entertainment trends, searches for new markets, and comes up with ways to make Big Marketing’s clients stand out from the crowd. In addition, Big Marketing operates web sites for selected clients. You work as the Big Marketing computer network manager, ensuring that Big Marketing networks are up and running for both the Internet-facing web services and the internal workforce. This responsibility encompasses the full range of maintaining current operations, planning for future needs, and securing and defending network assets against threats.

Your job is to understand events taking place on your networks over a two-week period. To support your mission, your choice of visual analytics should support near real-time situation awareness. In other words, as network manager, your goal for your department is to notice network events as quickly as possible.

Data Sources
The data under investigation spans a two-week period. You have four sources of data and information at your disposal in order to characterize what is happening on the network:
  1. Network description
  2. Network flow data (netflow data)
  3. Network health and status data (Big Brother data)
  4. Intrusion Protection System data
  5. Questions to the Big Marketing corporate office

1. Network Description. There are two network descriptions: one for Week 1 and one for Week 2. Organizationally, Big Marketing consists of three different branches, each with around 400 employees and its own web servers. All Big Marketing workstations and servers sit behind a firewall, including the web servers that the company operates for their clients. The customers of Big Marketing’s clients visit these web servers regularly.

2. Network flow data. Network flow data captures, to the extent feasible, the traffic moving across the network. Big Marketing captures network flow at the firewall, so transactions that go from Big Marketing to the internet, or come from the internet into Big Marketing, are captured. In network flow data, a series of messages between two computers is combined into a single flow record. Records appear for each session where the handshake between the two computers is completed. While each flow record includes a source and destination IP, the designation of source and destination is not guaranteed to be correct. In a situation where the flow collector did not catch the initial transaction in a flow, and sees the response as the first transaction, the destination IP may be labeled as the source IP, and vice versa. A detailed description of the network flow data is provided in the download.
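
The swapped source/destination case described above can be corrected before analysis. The following is an added example, not part of the original challenge materials: it re-orients flow records client -> server with a port heuristic. The field names, the service-port set and the sample records are assumptions constructed here; the real column layout is in the dataset documentation.

```python
from collections import Counter
from dataclasses import dataclass

# Assumption: ports treated as the "server side". Adjust to the services in
# the network description; this set is not from the dataset documentation.
SERVICE_PORTS = {25, 53, 80, 443}

@dataclass(frozen=True)
class Flow:  # hypothetical field names, not the dataset's column names
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def looks_reversed(f: Flow) -> bool:
    """True when the labelled source is more likely the server side."""
    src_svc, dst_svc = f.src_port in SERVICE_PORTS, f.dst_port in SERVICE_PORTS
    if src_svc != dst_svc:
        return src_svc
    # Fallback: a privileged port facing an unprivileged one is the server.
    src_low, dst_low = f.src_port < 1024, f.dst_port < 1024
    if src_low != dst_low:
        return src_low
    return False  # ambiguous: keep the collector's labelling

def normalize(f: Flow) -> Flow:
    """Return the flow oriented client -> server."""
    if looks_reversed(f):
        return Flow(f.dst_ip, f.dst_port, f.src_ip, f.src_port)
    return f

def connections_per_server(flows):
    """Count flows per (server IP, server port) after re-orientation."""
    return Counter((n.dst_ip, n.dst_port) for n in map(normalize, flows))

# Constructed sample records (private and documentation-range addresses).
SAMPLE = [
    Flow("198.51.100.7", 51512, "172.16.0.10", 80),    # labelled correctly
    Flow("172.16.0.10", 80, "198.51.100.8", 40222),    # response seen first
    Flow("172.16.0.10", 80, "203.0.113.5", 33001),     # response seen first
    Flow("172.16.0.44", 50111, "203.0.113.9", 50112),  # ambiguous, unchanged
]

if __name__ == "__main__":
    for (ip, port), n in connections_per_server(SAMPLE).most_common():
        print(f"{ip}:{port} {n}")
```

Without the re-orientation step, the constructed web server would be counted once as a destination and twice as a client of external hosts, which skews any per-server traffic view.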

3. Network health and status data. A commercial network health monitoring program called Big Brother is installed on the network. Approximately every five minutes, each workstation and server sends a status update. The data format and further details are included in the download.

4. Intrusion Protection System data. For week 2, intrusion protection system (IPS) log data is also available. An IPS monitors and logs network activities. When it identifies apparently malicious activity, the IPS attempts to block or prevent the activity. A detailed description of the IPS data is included in the download.


Page last modified on Thursday, January 09, 2014