A network forensics tool for precise data packet capture and replay in cyber-physical systems

Parry, Jack; Hunter, Daniel; Radke, Kenneth; Fidge, Colin

doi:10.1145/2843043.2843047

Cited by 12 publications

(12 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the group number column of Table 3, the left-hand side shows the result of the algorithms in [25], [26], [31], and the right-hand side shows those from our ITRM. The result shows that group [2] does not appear on the left-hand side because the value in group [0] is 68.2% (227847/333732) of the sum of the volume of the packet, which leads to the value in group [1] being much smaller than 111244 and group [2] is ''starved''. In contrast, ITRM aggregates the servers correctly into three groups.…”

Section: B Multi-way Number Partitioning Experimentsmentioning

confidence: 99%

“…Network traffic replay that can be used for any purpose in networking provides a powerful tool for network security experiments [1]- [4]. By capturing traffic from live networks and replaying it in a test environment, traffic replays can generate the background traffic in network testbeds [5]- [7] and reproduce real network scenarios in cyber ranges [8]- [12].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Interactive Traffic Replay Method in a Scaled-Down Environment

Liu

Ren

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Network traffic replay plays an essential role in network security tests. However, performing traffic replay in a network is still a challenge due to the different scales of the live network and the replay network. In this study, we investigate three problems of the interactive traffic replay under a scaled-down replay environment and then propose a multi-node traffic replay method. In this method, a self-elected IP mapping algorithm is designed to construct the IP mapping between the target network and the live network, which reproduce the interaction between the nodes of the live network. We prove that the traffic aggregation problem is an NP-complete problem and design a divide and conquer algorithm to approximate an optimal solution. On this basis, a traffic replay algorithm based on minimum-delay forwarding mechanism is proposed to perform low-delay interactive traffic replay. The experimental results show that the method mentioned above enables us to better aggregate elephant flows and achieve high similarity in replay timing series and bandwidth, which can be employed to reproduce a real network scenario in network device tests and network security experiments.

show abstract

Section: B Multi-way Number Partitioning Experimentsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Interactive Traffic Replay Method in a Scaled-Down Environment

Liu

Ren

et al. 2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Network forensics also necessitates traffic data collection, since it can provide raw data to analyze and reveal valuable information [16]. For example, Parry et al [17] points out that any forensic investigator needs to have the ability to collect the required data and find important and critical information from collected data in order to understand an anomaly. Therefore, efficient data collection becomes the basis of network forensics.…”

Section: ) Network Forensicsmentioning

confidence: 99%

“…Data Acquisition and Generation (DAG) cards are data capture cards that were designed to capture network packets [17]. Normally, they are especially effective in capturing packets in large-scale high-speed networks.…”

Section: C: Dag Cardsmentioning

confidence: 99%

“…Moreover, DAG cards can provide a range of additional hardware-based functions such as load balancing, packet filtering and classification, traffic replication and time stamping, further providing higher performance than a software-based solution. As a result, DAG cards have become an industry standard for network security monitoring, leading to many existing researches on DAG cards based data collection technologies [17]. For example, in order to inject traffic bursts, Zabala et al [39] installed an Endace 4.3GE DAG card in an injector machine.…”

Section: C: Dag Cardsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Network Security-Related Data Collection Technologies

et al. 2018

View full text Add to dashboard Cite

Security threats and economic loss caused by network attacks, intrusions, and vulnerabilities have motivated intensive studies on network security. Normally, data collected in a network system can reflect or can be used to detect security threats. We define these data as network security-related data. Studying and analyzing security-related data can help detect network attacks and intrusions, thus making it possible to further measure the security level of the whole network system. Obviously, the first step in detecting network attacks and intrusions is to collect security-related data. However, in the context of big data and 5G, there exist a number of challenges in collecting these security-related data. In this paper, we first briefly introduce network security-related data, including its definition and characteristics, and the applications of network data collection. We then provide the requirements and objectives for security-related data collection and present a taxonomy of data collection technologies. Moreover, we review existing collection nodes, collection tools, and collection mechanisms in terms of network data collection and analyze them based on the proposed requirements and objectives toward high quality security-related data collection. Finally, we discuss open research issues and conclude with suggestions for future research directions.INDEX TERMS Network security, security-related data, data collection technologies, large-scale heterogeneous networks.

show abstract

The Problem of Selecting APCS’ Information Security Tools

Rimsha

2019

Cyber-Physical Systems: Industry 4.0 Challenges

View full text Add to dashboard Cite

A network forensics tool for precise data packet capture and replay in cyber-physical systems

Cited by 12 publications

References 7 publications

An Interactive Traffic Replay Method in a Scaled-Down Environment

An Interactive Traffic Replay Method in a Scaled-Down Environment

A Survey on Network Security-Related Data Collection Technologies

The Problem of Selecting APCS’ Information Security Tools

Contact Info

Product

Resources

About