Network forensics on packet fingerprints

Abstract

We present an approach to network forensics that makes it feasible to trace the content of all traffic that passed through the network via packet content fingerprints. We develop a new data structure called the "Rolling Bloom Filter" (RBF), which is based on a generalization of the Rabin-Karp string-matching algorithm. This merges the two key advantages of space efficiency and an efficient content matching mechanism. This also achieves analytically predictable false positive rates that can be controlled by tuning the RBF parameters. Leveraging these insights, we have designed and implemented a practical Network Forensic System that gives the ability to reconstruct the sequence of events for post-incident analysis. © 2006 International Federation for Information Processing.

Cho, C. Y., Lee, S. Y., Tan, C. P., & Tan, Y. T. (2006). Network forensics on packet fingerprints. IFIP International Federation for Information Processing, 201, 401–412. https://doi.org/10.1007/0-387-33406-8_34
