Prikladnaya Diskretnaya Matematika, 2008, Number 2(2), Pages 84–86
(Mi pdm39)
Mathematical Foundations of Computer Security
Centralized analysis of geographically-distributed network traffic
V. V. Lapshin, Tomsk State University
Abstract:
The paper covers the centralized analysis of geographically-distributed network traffic. Techniques for traffic capture, delivery of the captured traffic, aggregation, analysis and decision-making are presented. A special GNU/Linux distribution with integrated PF_RING technology has been created, which makes successful high-speed (1 Gb/s) traffic capture possible. The captured-traffic delivery system consists of two parts: client(s) and a server. Both applications encrypt the captured traffic in transit. The choice of encryption methods is virtually unlimited because the encryption primitives are extensible. By default, a probabilistic stream cryptosystem called libpssc is used. After decryption, all the captured traffic is directed to a processing center, where it becomes available for analysis. The processing center allows special independent plugins to be plugged in in real time; these analyze the traffic according to given criteria. Many plugins can work at once. Pilot implementation details and other results are also reported.
Citation:
V. V. Lapshin, “Centralized analysis of geographically-distributed network traffic”, Prikl. Diskr. Mat., 2008, no. 2(2), 84–86
Linking options:
https://www.mathnet.ru/eng/pdm39 https://www.mathnet.ru/eng/pdm/y2008/i2/p84