ETRI Knowledge Sharing Platform

Cyber Black Box: Network Intrusion Forensics System for Collecting and Preserving Evidence of Attack
Authors
Jong-Hyun Kim, Joo-Young Lee, Yangseo Choi, Sunoh Choi, Ik-kyun Kim
Issue Date
2015-12
Citation
SRI Security Congress 2015, pp.104-110
Language
English
Type
Conference Paper
Abstract
Once a system is compromised, forensics and investigation are always carried out after the attack, by which time some useful short-lived evidence has already been lost. Because the log information needed to analyze the cause of an attack is not available after a cyber incident occurs, it is difficult to determine the cause of an intrusion even once the intrusion event has been recognized. Moreover, in an advanced cyber incident such as an advanced persistent threat, several months or more are spent on cause analysis alone, and the cause is hard to find with conventional security equipment. In this paper, we introduce a network intrusion forensics system, called Cyber Black Box, for collecting and preserving the evidence of an intrusion; it is deployed in a Local Area Network environment. When an intrusion event occurs, it quickly analyzes the cause of the event and provides a function for collecting the event's evidence data. The paper also describes experimental results for network throughput performance obtained by deploying the proposed system in an experimental testbed environment.
KSP Keywords
Intrusion event, Network Environment, Network intrusion, Throughput performance, advanced persistent threat, cyber blackbox, cyber incident, experimental testbed, local area network(LAN), log information, network throughput