By Topic

Distributed agent-based real time network intrusion forensics system architecture design

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Wei Ren ; Dept. of Comput. Sci., Zhongnan Univ. of Econ. & Law, Wuhan, China ; Hai Jin

Network forensics is a new approach for the network security, because the firewall and IDS cannot always stop and discover the misuse in the network. Once the system is compromised, the forensics and investigation always after the attacks and lose some useful instant evidence. The integrated analysis of the log and audit system and network traffic can lead to an efficient navigation of the traffic. The current network forensics approaches only focus on the network traffic capture and traffic replay, which always result in the performance bottleneck or forensics analysis difficulties. However, the adaptive capture without lose the potential sensitive traffic and real time investigation are seldom discussed. In this paper, we discuss the frameworks of distributed agent-based real time network intrusion forensics system, which is deployed in local area network environment. Some novel approaches for network forensics are discussed for the first time, such as network forensics server, network forensics database, network forensics agents, forensics data integration and active real time network forensic.

Published in:

19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers)  (Volume:1 )

Date of Conference:

28-30 March 2005