CCS 2007, ACM

Highly efficient techniques for network forensics

Given a history of packet transmissions and an excerpt of a possible packet payload, the payload attribution problem requires the identification of the sources, destinations and times of appearance on a network of all the packets that contained such a payload. A module to solve this problem has recently been proposed as the core component of a network forensics system. Network forensics provides useful tools for investigating cybercrimes on the Internet, for example by tracing the spread of worms and viruses, identifying who has received a phishing email in an enterprise, or discovering which insider allowed an unauthorized disclosure of sensitive information. In general it is infeasible to store and query the actual packets; therefore we focus on extremely compressed digests of the packet activity. We propose several new methods for payload attribution which utilize Rabin fingerprinting, shingling, and winnowing. Our best methods allow data reduction ratios greater than 100:1 while s...
Type Conference
Year 2007
Where CCS
Authors Miroslav Ponec, Paul Giura, Hervé Brönnimann, Joel Wein