Monday, September 13, 2:00PM
Burchard 124
Computer Science Department
Stevens Institute of Technology
Abstract
In this talk we introduce ForNet, a distributed network logging
mechanism to aid digital forensics over wide area networks. We
describe the need for such a system, review related work, present
the architecture of the system, and discuss key research issues. We
then describe the design and implementation of a prototype system
that processes packets in a network and is able to attribute query
payloads to source and destination hosts in the local network. It is
based on a novel data structure called a Hierarchical Bloom Filter
(HBF). An HBF allows us to form compact digests of payloads and
provide probabilistic answers to membership queries. Our system is
robust against certain packet transformations and flexible enough to
be used if the query string is spread across several packets.
Performance analysis and experimental results of the prototype
system are also presented, demonstrating its practicality and
efficacy.
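To make the abstract's central idea concrete, the following is an added example, not code from the talk or from the ForNet prototype: a small Hierarchical Bloom Filter in the spirit described above. Payloads are cut into fixed-size blocks; level 0 of the filter stores each block keyed by its position, level 1 stores pairs of consecutive blocks, level 2 stores groups of four, and every entry is also stored a second time tagged with a flow identifier so that an excerpt can be attributed to a source/destination pair. The block size (8 bytes), filter size, hash count, the `src>dst` flow-ID format and the sample payloads are all assumptions chosen for readability; a real deployment would use larger blocks and a far larger filter. The example also shows why the hierarchy matters: a "chimera" excerpt stitched from two different flows passes the level-0 check but is rejected once the level-1 groups are consulted.

```python
import hashlib
from typing import Dict, Iterable, List, Optional


class BloomFilter:
    """Plain Bloom filter: k independent SHA-256-derived positions in an m-bit array."""

    def __init__(self, m_bits: int, k_hashes: int) -> None:
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes) -> Iterable[int]:
        for i in range(self.k):  # salt each hash with its index
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


class HierarchicalBloomFilter:
    """Level i stores every aligned group of 2**i consecutive blocks, keyed by
    the group's index at that level. Each key is inserted twice: once bare and
    once tagged with the flow ID, so queries can be made with or without flow."""

    def __init__(self, block_size: int = 8, levels: int = 3,
                 m_bits: int = 1 << 16, k_hashes: int = 4) -> None:
        self.s = block_size
        self.levels = levels
        self.bf = BloomFilter(m_bits, k_hashes)

    @staticmethod
    def _key(group: bytes, offset: int, flow: bytes = b"") -> bytes:
        return group + b"|" + str(offset).encode() + b"|" + flow

    def _blocks(self, data: bytes) -> List[bytes]:
        return [data[i:i + self.s] for i in range(0, len(data), self.s)]

    def insert(self, payload: bytes, flow: bytes) -> None:
        """Digest one payload (assumed flow ID format: b'src>dst')."""
        blocks = self._blocks(payload)  # a ragged last block is stored as-is
        for level in range(self.levels):
            span = 1 << level
            for j in range(len(blocks) // span):  # only complete groups
                group = b"".join(blocks[j * span:(j + 1) * span])
                self.bf.add(self._key(group, j))
                self.bf.add(self._key(group, j, flow))

    def _matches(self, blocks: List[bytes], start: int, flow: bytes, levels: int) -> bool:
        """Check every level-aligned group that lies fully inside the excerpt,
        assuming the excerpt begins at block index `start` of the payload."""
        for level in range(levels):
            span = 1 << level
            first = -(-start // span) * span  # first aligned block index >= start
            for b in range(first, start + len(blocks) - span + 1, span):
                group = b"".join(blocks[b - start:b - start + span])
                if self._key(group, b // span, flow) not in self.bf:
                    return False
        return True

    def query(self, excerpt: bytes, max_offset: int, flow: bytes = b"",
              levels: Optional[int] = None) -> List[int]:
        """Return block offsets at which a block-aligned `excerpt` appears to occur.
        `levels=1` consults level 0 only (for comparison with the full hierarchy)."""
        blocks = self._blocks(excerpt)
        if len(excerpt) % self.s:
            blocks = blocks[:-1]  # drop the ragged tail; a real HBF tries all alignments
        levels = self.levels if levels is None else levels
        return [o for o in range(max_offset) if self._matches(blocks, o, flow, levels)]

    def attribute(self, excerpt: bytes, candidate_flows: Iterable[bytes],
                  max_offset: int) -> Dict[bytes, List[int]]:
        """Map each candidate flow that (probabilistically) carried the excerpt to its offsets."""
        result = {}
        for flow in candidate_flows:
            offsets = self.query(excerpt, max_offset, flow)
            if offsets:
                result[flow] = offsets
        return result


# Constructed sample traffic: two flows, four 8-byte blocks each.
FLOW_A = b"10.0.0.1>10.0.0.2"
FLOW_B = b"10.0.0.3>10.0.0.2"
PAYLOAD_A = b"AAAAAAAA" b"BBBBBBBB" b"CCCCCCCC" b"EEEEEEEE"
PAYLOAD_B = b"WWWWWWWW" b"XXXXXXXX" b"YYYYYYYY" b"DDDDDDDD"


def build_demo_filter() -> HierarchicalBloomFilter:
    hbf = HierarchicalBloomFilter()
    hbf.insert(PAYLOAD_A, FLOW_A)
    hbf.insert(PAYLOAD_B, FLOW_B)
    return hbf


if __name__ == "__main__":
    hbf = build_demo_filter()
    print(hbf.attribute(b"BBBBBBBBCCCCCCCC", [FLOW_A, FLOW_B], 8))  # only FLOW_A, at offset 1
    chimera = b"CCCCCCCCDDDDDDDD"  # block C from flow A glued to block D from flow B
    print(hbf.query(chimera, 8, levels=1))  # level 0 alone is fooled
    print(hbf.query(chimera, 8))            # the hierarchy rejects it
```

The `attribute` call answers the question the abstract poses (which host pair carried this excerpt?) without the filter ever storing the payload itself, which is the privacy and storage argument for digests. The chimera test illustrates the role of the higher levels: every individual block of the stitched excerpt was genuinely seen, but at the positions claimed no single flow contained the pair, so the level-1 lookup fails. As with any Bloom filter, a positive answer is probabilistic and the false-positive rate grows with the number of inserted groups relative to the filter size; a negative answer is definitive.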