ForNet: A Distributed Network Forensics System

Nasir Memon
Computer Science Department
Polytechnic University, New York

Tuesday, February 8, 2005
DCC 330, 4:00 p.m. to 5:00 p.m.
Refreshments at 3:30 p.m.

In this talk we introduce ForNet, a distributed network logging mechanism to aid digital forensics over wide area networks. We describe the need for such a system, review related work, present the architecture of the system, and discuss key research issues. We then describe the design and implementation of a prototype system that processes packets in a network and is able to attribute query payloads to source and destination hosts in the local network. It is based on a novel data structure called a Hierarchical Bloom Filter (HBF). An HBF allows us to form compact digests of payloads and provide probabilistic answers to membership queries. Our system is robust against certain packet transformations and flexible enough to be used if the query string is spread across several packets. Performance analysis and experimental results of the prototype system are also presented, demonstrating its practicality and efficacy.

Short Bio: Nasir Memon is a professor in the computer science department at Polytechnic University, New York. Prof. Memon's research interests include Data Compression, Computer and Network Security and Multimedia Communication, Computing and Security.

Last updated: January 24, 2005