THE THIRD INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE - ICoFCS 2008

Online ISBN: 978-85-65069-02-1 - Print ISSN: 1980-1114, pp 60-68

DOI: 10.5769/C2008006 and http://dx.doi.org/10.5769/C2008006


Flow Analyses for Evidence Collection


By André Proto, Jorge Juiz Corrêa, Adriano Mauro Cansian



ABSTRACT

The IPFIX (IP Flow Information Export) standard, increasingly used by network administrators, enables traffic analysis and tracking of large-scale computer networks and supports evidence gathering for security events. Its analysis methodology requires lower computational cost than the packet analysis methodology. The purpose of this article is to propose a storage model for IPFIX that uses a relational database, providing an infrastructure for traffic analysis and intrusion detection by means of the resources offered by Structured Query Language (SQL). The results will provide investigation data related to events that occurred on network computers.


KEYWORDS

Data flow analysis, database, intrusion detection, IPFIX, NetFlow, network computers, security, SQL