GRANEF: Utilization of a Graph Database for Network Forensics

Logo poskytovatele

Varování

Publikace nespadá pod Filozofickou fakultu, ale pod Ústav výpočetní techniky. Oficiální stránka publikace je na webu muni.cz.
Autoři

ČERMÁK Milan ŠRÁMKOVÁ Denisa

Rok publikování 2021
Druh Článek ve sborníku
Konference Proceedings of the 18th International Conference on Security and Cryptography
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Citace
www https://www.scitepress.org/PublicationsDetail.aspx?ID=av7edGmfq2Y=
Doi http://dx.doi.org/10.5220/0010581807850790
Klíčová slova Network Forensics;Graph Database;Dgraph;Zeek;Association-based Analysis
Přiložené soubory
Popis Understanding the information in captured network traffic, extracting the necessary data, and performing incident investigations are principal tasks of network forensics. The analysis of such data is typically performed by tools allowing manual browsing, filtering, and aggregation or tools based on statistical analyses and visualizations facilitating data comprehension. However, the human brain is used to perceiving the data in associations, which these tools can provide only in a limited form. We introduce a GRANEF toolkit that demonstrates a new approach to exploratory network data analysis based on associations stored in a graph database. In this article, we describe data transformation principles, utilization of a scalable graph database, and data analysis techniques. We then discuss and evaluate our proposed approach using a realistic dataset. Although we are at the beginning of our research, the current results show the great potential of association-based analysis.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.