
Payload attribution via character dependent multi-bloom filters

Haghighat, M. H ; Sharif University of Technology | 2013

  1. Type of Document: Article
  2. DOI: 10.1109/TIFS.2013.2252341
  3. Publisher: 2013
  4. Abstract: Network forensic analysts employ payload attribution systems (PAS) as an investigative tool, which enables them to store and summarize large amounts of network traffic, including full packet payload. Hence an investigator could query the system for a specific string and check whether any of the packets transmitted previously in the network contained that specific string. As a shortcoming, the previously proposed techniques are unable to support wildcard queries. Wildcards are an important type of query that allow the investigator to locate strings in the payload when only part of the string is known. In this paper, a new data structure for payload attribution, named Character Dependent Multi-Bloom Filters, will be presented which, in addition to improving the previously proposed techniques, is able to support wildcard queries as well.
  5. Keywords: Bloom filter ; Network forensics ; Payload attribution system ; Wildcard search ; Bloom filters ; Character dependents ; Large amounts ; Network traffic ; Packet payloads ; Payload attribution ; Computer networks ; Safety engineering ; Data structures
  6. Source: IEEE Transactions on Information Forensics and Security ; Volume 8, Issue 5 , 2013 , Pages 705-716 ; 15566013 (ISSN)
  7. URL: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6478806