Publication Details

On the Identification of Applications from Captured Network Traffic

PLUSKAL Jan, RYŠAVÝ Ondřej and MATOUŠEK Petr. On the Identification of Applications from Captured Network Traffic. New York, 2016. Available from: https://prezi.com/wnxlghgkocti
Czech title
Identifikace aplikačních protokolů zachycené síťové komunikace
Type
presentation,poster
Language
english
Authors
Pluskal Jan, Ing., Ph.D. (DIFS FIT BUT)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS FIT BUT)
URL
Keywords

cyber forensics, cyber security, intrusion detection system, metadata, traffic classification

Abstract

Digital forensics uses hashing as a tool to ensure data integrity and detecting known objects. Detecting know communication is more complicated as each data transfer contains specific and temporary characteristic, e.g., IP addresses, sequence numbers, and checksums. In network security, the anomaly or dangerous communication is identified by applying methods of traffic classification. In this presentation, we revisit the methods for traffic classification to determine an approach that can apply to the problem of distinguishing the traffic to known and suspect. Such classification can reduce the amount of information that needs to be analyzed by the forensic specialist during the investigation.

Published
2016
Pages
15
Conference
8th International Conference on Digital Forensics & Cyber Crime, New York, US
Place
New York, US
Back to top