TELECOMMUNICATIONS AND RADIO ENGINEERING - 2010, Vol. 69, No. 7
Communications Reconstruction for a Network Security Analysis


J. Sisniega-Gonzalez, E. Aguirre-Anaya, M. Nakano-Miyatake, & H. Perez-Meana
National Polytechnic Institute of Mexico, Mexico-city, Mexico
Address all correspondence to J. Sisniega-Gonzalez E-mail: kvf@pochta.ru

Abstract
The influence of computer technology on human activities has greatly increased during the last three decades, which has produced a considerable increase in computer crimes on computer networks. In addition, the growth of network traffic is enormous, which makes the analysis of traffic data complicated. In this paper a network forensics model is proposed, which makes it possible to obtain the existing evidence stored in the TCP/IP network involved. The network flows have been subjected to attacks and intrusions, and therefore an analysis is necessary to determine when data constitutes evidence and, as a consequence, can be presented to a court. Evaluation results show the desirable features of the proposed scheme for reconstructing the data flow for network analysis purposes.

KEY WORDS: computer networks, users, information security, monitoring model





pages 629-638
