Distributed Agent-Based Real Time Network Intrusion Forensics System Architecture Design
Taipei, Taiwan March 25-March 30
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2005.164
19th International Conference on Adva ...
Wei Ren, Zhongnan University of Economics and Law and Huazhong University of Science and Technology
Hai Jin, Huazhong University of Science and Technology
Network forensics is a new approach to network security, because firewalls and IDSs cannot always stop or discover misuse in the network. Once a system is compromised, forensics and investigation always take place after the attack and lose some useful instantaneous evidence. Integrated analysis of the log and audit system and of network traffic can lead to efficient navigation of the traffic. Current network forensics approaches focus only on network traffic capture and traffic replay, which always results in a performance bottleneck or in difficulties for forensic analysis. However, adaptive capture that does not lose potentially sensitive traffic, and real-time investigation, are seldom discussed. In this paper, we discuss the frameworks of a distributed agent-based real-time network intrusion forensics system, which is deployed in a local area network environment. Some novel approaches for network forensics are discussed for the first time, such as the network forensics server, network forensics database, network forensics agents, forensics data integration and active real-time network forensics.
Citation:
Wei Ren, Hai Jin, "Distributed Agent-Based Real Time Network Intrusion Forensics System Architecture Design," aina, vol. 1, pp.177-182, 19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers), 2005