2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC) (2018)
Tokyo, Japan
July 23, 2018 to July 27, 2018
ISSN: 0730-3157
ISBN: 978-1-5386-2667-2
pp: 951-954
ABSTRACT
A software-based monitoring system is required so that monitor points can be chosen flexibly in cloud network forensics. In a mission-critical network in particular, a system halt cannot be allowed, so the infected system must remove the malware by analyzing existing attack patterns and estimating potential attack scenarios. This requires full packet capture in order to reconstruct the attack behavior. In this research, we realize a software-based full-capture monitoring system. First, the Linux and libpcap packet capture procedure is investigated, and it is clarified that packet losses occur depending on the ingress throughput, the read stop time, the number of blocks, and the block size of the ring buffer. We propose a tuning method that uses those parameters for loss-less capturing and confirm that the proposed method achieves the loss-less property.
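The ring-buffer tuning the abstract describes, as an added example that is not the paper's code: it sizes a Linux AF_PACKET TPACKET_V3 ring (the kernel mechanism libpcap uses on Linux) from the ingress throughput and the time the reader is stopped, checks the geometry the kernel accepts, and hands the result to PACKET_RX_RING. The function names plan_ring and max_read_stop_ms, the 10 Gbit/s rate, 100 ms stall, 4 MiB blocks, 2 KiB frames, 4 KiB page and 60 ms retire timeout are all assumptions.

```c
/* Sizes a Linux AF_PACKET TPACKET_V3 ring (the mechanism libpcap uses) so it holds the
 * traffic arriving while the reader is stopped. Added example; all numbers are assumptions. */
#include <stdint.h>
#include <stdio.h>
#ifdef __linux__
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#endif
struct ring_plan { uint32_t block_size, block_nr, frame_size, frame_nr, retire_tov_ms;
                   uint64_t capacity_bytes; };
/* Smallest block count holding what arrives at ingress_mbps during a read_stop_ms stall, plus one
 * block the kernel may be filling; -1 if the geometry fails the kernel's PACKET_RX_RING checks. */
static int plan_ring(double ingress_mbps, uint32_t read_stop_ms, uint32_t block_size,
                     uint32_t frame_size, uint32_t page_size, uint32_t retire_tov_ms,
                     struct ring_plan *out)
{
    if (!block_size || !frame_size || !page_size || frame_size % 16) return -1; /* TPACKET_ALIGNMENT */
    if (block_size % page_size || block_size % frame_size) return -1; /* page-aligned, whole frames */
    uint64_t burst = (uint64_t)(ingress_mbps * 1e6 / 8.0 * read_stop_ms / 1000.0);
    uint32_t blocks = (uint32_t)((burst + block_size - 1) / block_size) + 1;
    *out = (struct ring_plan){ block_size, blocks, frame_size, (block_size / frame_size) * blocks,
                               retire_tov_ms, (uint64_t)block_size * blocks };
    return 0;
}
/* Inverse: stall (ms) at ingress_mbps the ring absorbs, excluding the block the kernel is filling. */
static double max_read_stop_ms(const struct ring_plan *p, double ingress_mbps)
{
    return (double)(p->capacity_bytes - p->block_size) * 8.0 / (ingress_mbps * 1e6) * 1000.0;
}
int main(void)
{
    struct ring_plan p; /* constructed scenario: 10 Gbit/s ingress, reader stalls up to 100 ms */
    if (plan_ring(10000.0, 100, 4u << 20, 2048, 4096, 60, &p)) return 1;
    printf("blocks=%u tolerates %.1f ms stall\n", p.block_nr, max_read_stop_ms(&p, 10000.0));
#ifdef __linux__
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (fd < 0) { perror("socket"); return 0; }
    int v = TPACKET_V3; struct tpacket_req3 req = {0};
    req.tp_block_size = p.block_size; req.tp_block_nr = p.block_nr;
    req.tp_frame_size = p.frame_size; req.tp_frame_nr = p.frame_nr;
    req.tp_retire_blk_tov = p.retire_tov_ms; /* ms before a partly filled block is handed over */
    if (setsockopt(fd, SOL_PACKET, PACKET_VERSION, &v, sizeof v) ||
        setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof req)) perror("PACKET_RX_RING");
    close(fd);
#endif
    return 0;
}
```

After the ring is in place, PACKET_STATISTICS (struct tpacket_stats_v3, field tp_drops) is the counter that confirms whether the chosen geometry really is loss-less under the measured ingress rate.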
INDEX TERMS
Monitoring, Kernel, Packet loss, Throughput, Tuning, Cloud computing
CITATION

S. Ishihara and T. Akiyama, "A Tuning Method of a Monitoring System for Network Forensics in Cloud Environment," 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, 2018, pp. 951-954.
doi:10.1109/COMPSAC.2018.00165