Native actors : how to scale network forensics

Vallentin, Matthias; Charousset, Dominik; Schmidt, Thomas C.; Paxson, Vern; Wählisch, Matthias

doi:10.1145/2740070.2631471

DC Element	Wert	Sprache
dc.contributor.author	Vallentin, Matthias	-
dc.contributor.author	Charousset, Dominik	-
dc.contributor.author	Schmidt, Thomas C.	-
dc.contributor.author	Paxson, Vern	-
dc.contributor.author	Wählisch, Matthias	-
dc.date.accessioned	2020-08-26T09:15:03Z	-
dc.date.available	2020-08-26T09:15:03Z	-
dc.date.issued	2014	-
dc.identifier.issn	0146-4833	en_US
dc.identifier.uri	http://hdl.handle.net/20.500.12738/913	-
dc.description.abstract	When an organization detects a security breach, it undertakes a forensic analysis to figure out what happened. This investigation involves inspecting a wide range of heterogeneous data sources spanning over a long period of time. The iterative nature of the analysis procedure requires an interactive experience with the data. However, the distributed processing paradigms we find in practice today fail to provide this requirement: the batch-oriented nature of MapReduce cannot deliver sub-second round-trip times, and distributed in-memory processing cannot store the terabytes of activity logs needed to inspect during an incident. We present the design and implementation of Visibility Across Space and Time~(VAST), a distributed database to support interactive network forensics, and libcppa, its exceptionally scalable messaging core. The extended actor framework libcppa enables VAST to distribute lightweight tasks at negligible overhead. In our live demo, we showcase how VAST enables security analysts to grapple with the huge amounts of data often associated with incident investigations.	en
dc.language.iso	en	en_US
dc.publisher	Association for Computing Machinery (ACM)	en_US
dc.relation.ispartof	ACM SIGCOMM computer communication review	en_US
dc.subject	Security	en_US
dc.subject	Network Forensics	en_US
dc.subject	Message-oriented Middleware	en_US
dc.subject.ddc	004: Informatik	en_US
dc.title	Native actors : how to scale network forensics	en
dc.type	inProceedings	en_US
dc.relation.conference	SIGCOMM Chicago 2014	en_US
dc.description.version	Unknown	en_US
tuhh.container.endpage	142	en_US
tuhh.container.issue	4	en_US
tuhh.container.startpage	141	en_US
tuhh.container.volume	44	en_US
tuhh.oai.show	true	en_US
tuhh.publication.institute	Department Informatik	en_US
tuhh.publication.institute	Fakultät Technik und Informatik	en_US
tuhh.publisher.doi	10.1145/2740070.2631471	-
tuhh.relation.ispartofseries	Proceedings of the SIGCOMM Chicago 2014 & the best of the co-located workshops	en_US
tuhh.type.opus	InProceedings (Aufsatz / Paper einer Konferenz etc.)	-
dc.type.casrai	Conference Paper	-
dc.type.dini	contributionToPeriodical	-
dc.type.driver	contributionToPeriodical	-
dc.type.status	info:eu-repo/semantics/publishedVersion	en_US
dcterms.DCMIType	Text	-
item.grantfulltext	none	-
item.creatorGND	Vallentin, Matthias	-
item.creatorGND	Charousset, Dominik	-
item.creatorGND	Schmidt, Thomas C.	-
item.creatorGND	Paxson, Vern	-
item.creatorGND	Wählisch, Matthias	-
item.cerifentitytype	Publications	-
item.tuhhseriesid	Proceedings of the SIGCOMM Chicago 2014 & the best of the co-located workshops	-
item.creatorOrcid	Vallentin, Matthias	-
item.creatorOrcid	Charousset, Dominik	-
item.creatorOrcid	Schmidt, Thomas C.	-
item.creatorOrcid	Paxson, Vern	-
item.creatorOrcid	Wählisch, Matthias	-
item.languageiso639-1	en	-
item.openairecristype	http://purl.org/coar/resource_type/c_5794	-
item.fulltext	No Fulltext	-
item.openairetype	inProceedings	-
item.seriesref	Proceedings of the SIGCOMM Chicago 2014 & the best of the co-located workshops	-
crisitem.author.dept	Department Informatik	-
crisitem.author.orcid	0000-0002-0956-7885	-
crisitem.author.parentorg	Fakultät Technik und Informatik	-
Enthalten in den Sammlungen:	Publications without full text