Mnemosyne: Designing and Implementing Network Short-Term Memory

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Giovanni Vigna Articles by Andrew Mitchell

Eighth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'02)

Greenbelt, Maryland

December 02-December 04

ISBN: 0-7695-1757-9

	ASCII Text	x
	Giovanni Vigna, Andrew Mitchell, "Mnemosyne: Designing and Implementing Network Short-Term Memory," Engineering of Complex Computer Systems, IEEE International Conference on, pp. 91, Eighth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'02), 2002.

	BibTex	x
	@article{ 10.1109/ICECCS.2002.1181501, author = {Giovanni Vigna and Andrew Mitchell}, title = {Mnemosyne: Designing and Implementing Network Short-Term Memory}, journal ={Engineering of Complex Computer Systems, IEEE International Conference on}, volume = {0}, year = {2002}, issn = {1050-4729}, pages = {91}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICECCS.2002.1181501}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Engineering of Complex Computer Systems, IEEE International Conference on TI - Mnemosyne: Designing and Implementing Network Short-Term Memory SN - 1050-4729 SP EP A1 - Giovanni Vigna, A1 - Andrew Mitchell, PY - 2002 KW - null VL - 0 JA - Engineering of Complex Computer Systems, IEEE International Conference on ER -

Giovanni Vigna, University of California, Santa Barbara

Andrew Mitchell, University of California, Santa Barbara

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICECCS.2002.1181501

Network traffic logs play an important role in incident analysis. With the increasing throughput of network links, maintaining a complete log of all network activity has become a task that requires an enormous amount of resources. We propose an approach to network monitoring that mitigates the resource consumption problem while still providing effective support to evidence collection and incident analysis. The approach relies on a tool, called MNEMOSYNE, that maintains a sliding window containing the traffic that has been recently seen on a network link. MNEMOSYNE provides improved logging features, such as multiple streams, support for cross-stream queries, and dynamic remote reconfiguration. By integrating MNEMOSYNE with real-time intrusion detection capability, it is possible to provide incident analysis functionality and effective evidence collection, without having to maintain complete traffic logs. This paper describes the MNEMOSYNE tool, its architecture, and presents the results of the quantitative evaluation of its performance.

Keywords: Network Security, Intrusion Detection, Network Forensics, Incident Analysis

Citation:

Giovanni Vigna, Andrew Mitchell, "Mnemosyne: Designing and Implementing Network Short-Term Memory," iceccs, pp.91, Eighth IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'02), 2002

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.