Abstract
Payload attribution is the process of identifying the source and destination of packets that appeared in the network and contained a certain excerpt. Payload attribution structures process and store the corresponding network traffic to support later identification and analysis. This paper builds on an existing payload attribution data structure that stores and processes network traffic using Bloom filters. We propose a novel data structure called Winnowing Multihashing structure with Wildcard Query (WMWQ). Our methods support wildcard queries efficiently and have a higher data reduction ratio as well as a lower false positive rate. In addition, we show that the time complexity of querying a WMWQ is constant in the number of inserted data elements. The proposed methods can be used for network forensics traffic processing in large-scale networks and can improve the efficiency of network forensics processing and analysis.
Keywords
Network Forensics, Payload Attribution, Bloom Filter, Block Structure, False Positive
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Wei, Y., Fei, X., Chen, X., Shi, J., Qing, S. (2014). Winnowing Multihashing Structure with Wildcard Query. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds) Web Technologies and Applications. APWeb 2014. Lecture Notes in Computer Science, vol 8710. Springer, Cham. https://doi.org/10.1007/978-3-319-11119-3_25
DOI: https://doi.org/10.1007/978-3-319-11119-3_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11118-6
Online ISBN: 978-3-319-11119-3
eBook Packages: Computer Science; Computer Science (R0)