Passive network forensics: behavioural classification of network hosts based on connection patterns
ACM SIGOPS Operating Systems Review, pp. 99-111, 2008.
Passive monitoring of the data entering and leaving an enterprise network can support a number of forensic objectives. We have developed analysis techniques for NetFlow data that use behavioural identification and can confirm individual host roles and behaviours expressed as connection patterns. By looking at the way a given machine inter...