Paper
Páginas: 4 (841 palabras)
Publicado: 9 de diciembre de 2012
Challenge– Construction of an Adequate Digital Forensics Testbed
Adel Elmaghraby, James Graham, Jana Godwin, Michael Losavio, Deborah Wilson University of Louisville Abstract
The Challenge - Whatis an adequate laboratory specification for emulating network attacks and experimenting with network forensics, other digital forensics techniques and social behavioral traits? Could publishedspecifications for different scales of research assist in research development? Is the specification described here adequate for research purposes? What additional considerations are needed for simulatingnetwork attacks and validating forensic tools?
1. Introduction - network forensics experimentation
Network forensics is “the capture, recording, and analysis of network events in order to discoverthe source of security attacks or other problem incidents” per Marcus Ranum.[1] The testing of network security and forensic activity in a controlled environment aids in the development ofunderstanding, practices and tools for these domains. We wish to construct a testbed for experimentation as to reliable conclusions for the detection, investigation and attribution of security attacks. Thisincludes examination of behavioral profiles of attackers that may be later extended to general on-line activity. We seek an adequate laboratory specification. However, it is important to assemble data setsfor various scenarios and create attack generators using appropriate modeling and data analysis. These data sets and data generators are essential for testing and validation of tools used within thetestbed environment.
2. Proposed laboratory specification
The basis for a proposed network forensics testbed is a simulated Internet cloud with a dedicated router that also functions as a framedelay. We propose to connect several Subnets to this Internet cloud using simulated T1 connections. For cost purposes we limit this to three subnets. Each subnet includes a DMZ and clients attached to...
Adel Elmaghraby, James Graham, Jana Godwin, Michael Losavio, Deborah Wilson University of Louisville Abstract
The Challenge - Whatis an adequate laboratory specification for emulating network attacks and experimenting with network forensics, other digital forensics techniques and social behavioral traits? Could publishedspecifications for different scales of research assist in research development? Is the specification described here adequate for research purposes? What additional considerations are needed for simulatingnetwork attacks and validating forensic tools?
1. Introduction - network forensics experimentation
Network forensics is “the capture, recording, and analysis of network events in order to discoverthe source of security attacks or other problem incidents” per Marcus Ranum.[1] The testing of network security and forensic activity in a controlled environment aids in the development ofunderstanding, practices and tools for these domains. We wish to construct a testbed for experimentation as to reliable conclusions for the detection, investigation and attribution of security attacks. Thisincludes examination of behavioral profiles of attackers that may be later extended to general on-line activity. We seek an adequate laboratory specification. However, it is important to assemble data setsfor various scenarios and create attack generators using appropriate modeling and data analysis. These data sets and data generators are essential for testing and validation of tools used within thetestbed environment.
2. Proposed laboratory specification
The basis for a proposed network forensics testbed is a simulated Internet cloud with a dedicated router that also functions as a framedelay. We propose to connect several Subnets to this Internet cloud using simulated T1 connections. For cost purposes we limit this to three subnets. Each subnet includes a DMZ and clients attached to...
Leer documento completo
Regístrate para leer el documento completo.