Abstract
Networked computer systems face a constant barrage of attempts by adversaries to gain unauthorized access to their resources. Methods must be developed to identify attacks on these systems and to provide a forensically accurate description of the chain of events surrounding the unauthorized activity. This paper proposes a peer-to-peer (P2P) framework for network monitoring and forensics. Host-based security tools are used to identify malicious events. These events are communicated to other peers over a P2P network, where analysis, forensic preservation, and reporting of the related information can be performed using spare CPU cycles.
Copyright information
© 2006 International Federation for Information Processing
About this paper
Cite this paper
Redding, S. (2006). Using Peer-to-Peer Technology for Network Forensics. In: Pollitt, M., Shenoi, S. (eds) Advances in Digital Forensics. DigitalForensics 2005. IFIP — The International Federation for Information Processing, vol 194. Springer, Boston, MA. https://doi.org/10.1007/0-387-31163-7_12
DOI: https://doi.org/10.1007/0-387-31163-7_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-30012-2
Online ISBN: 978-0-387-31163-0