MISTRAL: Dynamic data analysis of security threats within research environments


MISTRAL is an NSF-funded project for capturing and analyzing network data from research lab environments.
A team of students will work with the MISTRAL team, members of the Duke University IT Security
Office (ITSO), and a Code+ team to develop methods for detecting network anomalies and
potential attacks against research labs. The project will begin by establishing a baseline of the network
traffic normally seen within a lab. The team will then work with the ITSO to conduct Red Team/Blue Team
exercises (simulated offensive and defensive cyber operations) and analyze those simulated attacks within the
environment. Using common data analysis tools such as Jupyter Notebooks and Splunk, together with network
telemetry from open standards and open-source tools such as IPFIX flow records and Zeek deep packet
inspection logs, the team will write queries and build automated detections for identifying malicious
network activity.
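As an added illustration of the baseline-then-detect approach described above (example code, not the MISTRAL project's own), the following Python script parses a constructed Zeek conn.log excerpt, records which responder/port/protocol triples and per-host outbound volumes are normal, and then flags connections in a later excerpt that break that baseline. All hosts, connection UIDs and byte counts are constructed sample data.

```python
"""Baseline-then-detect over Zeek conn.log records (constructed sample data)."""
import statistics
from collections import defaultdict

# Constructed Zeek conn.log excerpts, tab-separated as Zeek writes them.
BASELINE_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes
1700000000.1\tC1\t10.10.1.5\t51000\t10.10.1.20\t22\ttcp\tssh\t4000\t9000
1700000001.2\tC2\t10.10.1.5\t51001\t10.10.1.20\t22\ttcp\tssh\t4200\t8800
1700000002.3\tC3\t10.10.1.6\t51002\t10.10.1.21\t443\ttcp\tssl\t3900\t120000
1700000003.4\tC4\t10.10.1.6\t51003\t10.10.1.21\t443\ttcp\tssl\t4100\t118000
1700000004.5\tC5\t10.10.1.5\t51004\t10.10.1.21\t443\ttcp\tssl\t4050\t119500
"""
NEW_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes
1700000100.1\tC6\t10.10.1.5\t52000\t10.10.1.20\t22\ttcp\tssh\t4100\t9100
1700000101.2\tC7\t10.10.1.6\t52001\t10.10.1.21\t443\ttcp\tssl\t4000\t121000
1700000102.3\tC8\t10.10.1.5\t52002\t198.51.100.9\t4444\ttcp\t-\t250000\t300
"""

def parse_conn_log(text):
    """Yield one dict per record; '#fields' names the columns, other '#' lines are metadata."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            yield dict(zip(fields, line.split("\t")))

def _bytes(value):
    """Zeek writes '-' for unset numeric fields; treat that as zero."""
    return 0 if value == "-" else int(value)

def build_baseline(records):
    """Known (responder, port, proto) triples and per-source outbound byte samples."""
    known, per_src = set(), defaultdict(list)
    for r in records:
        known.add((r["id.resp_h"], r["id.resp_p"], r["proto"]))
        per_src[r["id.orig_h"]].append(_bytes(r["orig_bytes"]))
    return known, per_src

def detect(records, known, per_src, k=3.0, min_spread=1000):
    """Return (uid, reason) pairs for connections that break the baseline."""
    alerts = []
    for r in records:
        triple = (r["id.resp_h"], r["id.resp_p"], r["proto"])
        if triple not in known:
            alerts.append((r["uid"], f"new service {triple}"))
        samples = per_src.get(r["id.orig_h"])
        if not samples:
            alerts.append((r["uid"], f"unseen source {r['id.orig_h']}"))
            continue
        # Floor the spread so a near-constant baseline does not flag ordinary jitter.
        spread = max(statistics.pstdev(samples), min_spread)
        if _bytes(r["orig_bytes"]) > statistics.mean(samples) + k * spread:
            alerts.append((r["uid"], "outbound volume above baseline"))
    return alerts

def run_example():
    known, per_src = build_baseline(parse_conn_log(BASELINE_LOG))
    return detect(parse_conn_log(NEW_LOG), known, per_src)
```

In a lab deployment the same two-phase logic would be fed from the live Zeek `conn.log` (or IPFIX flow export) and the thresholds `k` and `min_spread` tuned against the observed baseline.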

MISTRAL: Massive Internal System Traffic Research Analysis and Logging

Project Lead: TBD