Title :
Towards an Estimation of the Accuracy of TCP Reassembly in Network Forensics
Author :
Wagener, Gérard ; Dulaunoy, Alexandre ; Engel, Thomas
Author_Institution :
Univ. of Luxembourg, Luxembourg
Abstract :
Today, honeypot operators rely strongly on network analysis tools to examine network traces collected in their honeynet environment. The accuracy of such analysis depends on the ability of the tools to properly reassemble streams, especially TCP sessions. The quality of network forensic analysis is tied to those tools, and we evaluated widely used network analysis tools. We pinpoint TCP reassembly errors with their causes and propose algorithms and analytical techniques to measure them in order to improve network forensic analysis.
Keywords :
computer networks; telecommunication security; transport protocols; TCP reassembly; honeynet environment; honeypot; network analysis tool; network forensics; Algorithm design and analysis; Equations; Forensics; Intrusion detection; Monitoring; Network topology; Out of order; Proposals; Protocols; Software tools; flow; network forensic; network security; reassembly errors; tcp; tcp/ip;
Conference_Title :
Future Generation Communication and Networking, 2008. FGCN '08. Second International Conference on
Conference_Location :
Hainan Island
Print_ISBN :
978-0-7695-3431-2
DOI :
10.1109/FGCN.2008.118