Enriching network security analysis with time travel

Computer Communication Review

Volumn 38, Issue 4, 2008, Pages 183-194

  Maier, Gregor ^a   Sommer, Robin ^b   Dreger, Holger ^c   Feldmann, Anja ^a   Paxson, Vern ^d   S Hneider, Fabian ^a  

^a TECHNISCHE UNIVERSITÄT BERLIN   (Germany)

^b LAWRENCE BERKELEY NATIONAL LABORATORY   (United States)

^c SIEMENS AG   (Germany)

^d UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Forensics; Intrusion detection; Packet capture

Indexed keywords

FORENSICS; HEAVY-TAILED; INDEXING AND RETRIEVALS; NETWORK FLOWS; NETWORK SECURITY ANALYSIS; NETWORK TRAFFICS; OFFLINE; PACKET CAPTURE; PERFORMANCE EVALUATIONS; PROOF OF PRINCIPLES; REAL-TIME NETWORKS; RECORDING PARAMETERS; RETROSPECTIVE ANALYSIS; STAND -ALONE; TIME MACHINES; TIME TRAVELS; TRAFFIC STREAMS;

COMPUTER CRIME; CONCENTRATION (PROCESS); CONVOLUTIONAL CODES; INTERNET; NETWORK SECURITY;

INTRUSION DETECTION;

EID: 65249091864     PISSN: 01464833     EISSN: 01464833     Source Type: Conference Proceeding    
DOI: 10.1145/1402946.1402980     Document Type: Conference Paper

References (27)

1. ANDERSON, E., AND ARLITT, M. Full Packet Capture and Offline Analysis on 1 and 10 Gb/s Networks. Tech. Rep. HPL-2006-156, HP Labs, 2006.
2. ANTONELLI, C., CO, K., M FIELDS, AND HONEYMAN, P. Cryptographic Wiretapping at 100 Megabits. In SPIE 16th Int. Symp. on Aerospace Defense Sensing, Simulation, and Controls. (2002).
3. CHANDRASEKARAN, S., AND FRANKLIN, M. Remembrance of Streams Past: Overload-sensitive Management of Archived Streams. In Proc. Very Large Data Bases (2004).
4. ClearSightNetworks, http://www.clearsightnet.com.
5. CNET NEWS. Another suspected NASA hacker indicted. http://www.news.com/2102-7350-3-6140001.html.
6. CoMo. http://como.sourceforge.net.
7. COOKE, E., MYRICK, A., RUSEK, D., AND JAHANIAN, F. Resource-aware Multi-format Network Security Data Storage. In Proc. SIGCOMM LSAD workshop (2006).
8. CRANOR, C., JOHNSON, T., AND SPATSCHECK, O. Gigascope: A Stream Database for Network Applications. In Proc. SIGMOD (2003).
9. DESNOYERS, P., AND SHENOY, P. J. Hyperion: High Volume Stream Archival for Retrospective Querying. In Proc. 2007 USENIX Technical Conf (2007).
10. DREGER, H., FELDMANN, A., PAXSON, V., AND SOMMER, R. Operational Experiences with High-Volume Network Intrusion Detection. In Proc. 11th ACM Conf. on Comp. and Comm. Security (2004).
11. DUNLAP, G. W., KING, S. T., CINAR, S., BASRAI, M. A., AND CHEN, P. M. ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In Proc. Symp. on Operating Systems Design and Implementation (2002).
12. ENDACE MEASUREMENT SYSTEMS. http://www.endace.com/, 2008.
13. GONZALEZ, J. M., PAXSON, V., AND WEAVER, N. Shunting: A Hardware/Software Architecture for Flexible, High-performance Network Intrusion Prevention. In Proc. 14th ACM Conf. on Comp, and Comm. Security (2007).
14. Intelica Networks, http://www.intelicanetworks.com.
15. KORNEXL, S., PAXSON, V., DREGER, H., FELDMANN, A., AND SOMMER, R. Building a Time Machine for Efficient Recording and Retrieval of High-Volume Network Traffic (Short Paper). In Proc. ACM SIGCOMM IMC (2005).
16. MCGRATH, K. P., AND NELSON, J. Monitoring & Forensic Analysis for Wireless Networks. In Proc. Conf. on Internet Surveillance and Protection (2006).
17. PARK, K., KIM, G., AND CROVELLA, M. On the Relationship Between File Sizes, Transport Protocols, and Self-similar Network Traffic. In Proc. ICNP '96 (1996).
18. PAXSON, V. Bro: A System for Detecting Network Intruders in Real-Time. Comp. Networks 31, 23-24 (1999).
19. PAXSON, V., AND FLOYD, S. Wide-Area Traffic: The Failure of Poisson Modeling. IEEE/ACM Transactions on Networking 3, 3 (1995).
20. PONEC, M., GIURA, P., BRÖNNIMANN, H., AND WEIN, J. Highly Efficient Techniques for Network Forensics. In Proc. 14th ACM Conf. on Comp, and Comm. Security (2007).
21. REISS, F., STOCKINGER, K., WU, K., SHOSHANI, A., AND HELLERSTEIN, J. M. Enabling Real-Time Querying of Live and Historical Stream Data. In Proc. Statistical & Scientific Database Management (2007).
22. ROESCH, M. Snort - Lightweight Intrusion Detection for Networks. In Proc. 13th Systems Administration Conference -LISA '99 (1999), pp. 229-238.
23. SHANMUGASUNDARAM, K., MEMON, N., SAVANT, A., AND BRÖNNIMANN, H. ForNet: A Distributed Forensics Network. In Proc. Workshop on Math. Methods, Models and Architectures for Comp. Networks Security (2003).
24. SOMMER, R. Viable Network Intrusion Detection in High-Performance Environments. PhD thesis, TU München, 2005.
25. SOMMER, R., AND PAXSON, V. Exploiting Independent State For Network Intrusion Detection. In Proc. Computer Security Applications Conf. (2005).
26. VALLENTIN, M., SOMMER, R., LEE, J., LERES, C., PAXSON, V., AND TIERNEY, B. The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware. In Proc. 10th Int. Symp. Recent Advances in Intrusion Detection (RAID) (2007).
27. WALLERICH, J., DREGER, H., FELDMANN, A., KRISHNAMURTHY, B., AND WILLINGER, W. A Methodology for Studying Persistency Aspects of Internet Flows. ACM SIGCOMM CCR 35, 2 (Apr 2005), 23-36.