Publication Details

A Scalable Architecture for Network Traffic Forensics

LETAVAY Viliam, PLUSKAL Jan and RYŠAVÝ Ondřej. A Scalable Architecture for Network Traffic Forensics. In: The Fifteenth International Conference on Networking and Services ICNS 2019. Athens: The International Academy, Research and Industry Association, 2019, pp. 32-36. ISBN 978-1-61208-711-5.
Czech title
Škálovatelná architektura pro zpracování síťově forenzních dat
Type
conference paper
Language
English
Keywords

Network forensic analysis, Network traffic processing, Actor model

Abstract

The availability of high-speed Internet enables new opportunities for various cybercrime activities. Security administrators and LEA (Law Enforcement Agency) officers call for powerful tools capable of analyzing network communication in an enormous amount of network traffic and, moreover, capable of analyzing incomplete network data.
Big data technologies have been considered for implementing tools that capture, process and store packet traces representing network communication. Often, these systems are resource intensive, requiring a significant amount of memory, computing power, and disk space. The presented paper describes a novel approach to real-time network traffic processing implemented in a distributed environment. The key difference from most existing systems is that the system is based on a lightweight actor model. The whole processing pipeline is represented in terms of actor nodes that can run in parallel. The actor model also offers a solution that is highly configurable and scalable.
The preliminary evaluation of a prototype implementation supports these general statements.

Published
2019
Pages
32-36
Proceedings
The Fifteenth International Conference on Networking and Services ICNS 2019
Conference
The Fifteenth International Conference on Networking and Services ICNS 2019, Athens, GR
ISBN
978-1-61208-711-5
Publisher
The International Academy, Research and Industry Association
Place
Athens, GR
BibTeX
@INPROCEEDINGS{FITPUB11927,
   author = "Viliam Letavay and Jan Pluskal and Ond\v{r}ej Ry\v{s}av\'{y}",
   title = "A Scalable Architecture for Network Traffic Forensics",
   pages = "32--36",
   booktitle = "The Fifteenth International Conference on Networking and Services ICNS 2019",
   year = 2019,
   location = "Athens, GR",
   publisher = "The International Academy, Research and Industry Association",
   ISBN = "978-1-61208-711-5",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/11927"
}