Passive network forensics: behavioural classification of network hosts based on connection patterns

ACM SIGOPS Operating Systems Review, pp. 99-111, 2008.

Cited by: 15

Abstract:

Passive monitoring of the data entering and leaving an enterprise network can support a number of forensic objectives. We have developed analysis techniques for NetFlow data that use behavioural identification and can confirm individual host roles and behaviours expressed as connection patterns. By looking at the way a given machine inter...
