ICNS 2019, The Fifteenth International Conference on Networking and Services
A Scalable Architecture for Network Traffic Forensics
Authors:
Viliam Letavay
Jan Pluskal
Ondřej Ryšavý
Keywords: Network forensic analysis, Network traffic processing, Actor model
Abstract:
The availability of high-speed Internet enables new opportunities for various cybercrime activities. Security administrators and Law Enforcement Agency (LEA) officers call for powerful tools capable of analyzing the network communication in an enormous amount of network traffic, as well as of analyzing incomplete network data. Big data technologies have been considered for implementing tools that capture, process and store packet traces representing network communication. Often, these systems are resource intensive, requiring a significant amount of memory, computing power, and disk space. The presented paper describes a novel approach to real-time network traffic processing implemented in a distributed environment. The key difference from most existing systems is that the system is based on a lightweight actor model. The whole processing pipeline is represented in terms of actor nodes that can run in parallel. Also, the actor model offers a solution that is highly configurable and scalable. The preliminary evaluation of a prototype implementation supports these general statements.
Pages: 32 to 36
Copyright: Copyright (c) IARIA, 2019
Publication date: June 2, 2019
Published in: conference
ISSN: 2308-4006
ISBN: 978-1-61208-711-5
Location: Athens, Greece
Dates: from June 2, 2019 to June 6, 2019