ForNet: A Distributed Network Forensics System

Video Link: https://www.youtube.com/watch?v=i2msnRm_1q8



Duration: 58:29


In this talk we postulate that the current methodologies for collecting evidence to support network forensics neither scale well to large networks nor retain evidence long enough to be useful. We then explore the idea of storing evidence in the form of "synopses" in order to reduce storage requirements and to increase the longevity of collected evidence. Synopses reduce raw network traffic to succinct forms such that information useful for postmortems can be stored for prolonged periods of time. Furthermore, we propose an architecture for a system, called ForNet, that collects and disseminates the evidence needed to support postmortems of security incidents. We discuss the design and implementation of a prototype of the proposed architecture. ForNet is currently deployed at Polytechnic University and monitors network traffic around the clock. Finally, we demonstrate the feasibility of using synopses and ForNet in postmortems of security incidents by analyzing some events at the University.







Tags:
microsoft research