2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC) (2018)
July 23, 2018 to July 27, 2018
A software-based monitoring system is required to choose monitoring points flexibly in cloud network forensics. In particular, in a mission-critical network where a system halt cannot be tolerated, malware must be removed from the infected system by analyzing existing attack patterns and estimating potential attack scenarios. This requires full packet capture to reconstruct the attack behavior. In this research, we realize a software-based full-capture monitoring system. First, the Linux and libpcap packet capture procedure is investigated, showing that packet loss depends on the ingress throughput, the read stop time, and the number and size of the blocks in the ring buffer. We propose a tuning method that uses these parameters for loss-less capture and confirm that the proposed method achieves the loss-less property.
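To make the dependence between those four parameters concrete, the following is an added toy model (not the paper's code or a real libpcap implementation): packets arrive at a fixed ingress rate into a ring of fixed-size blocks, the reader frees completed blocks except during a read stop, and a packet is dropped when no free block exists. The block/packet sizes, rate and stall length are constructed values; `tune_n_blocks` sizes the ring so that the bytes arriving during the longest expected read stop fit.

```python
"""Toy model of a libpcap/AF_PACKET block ring buffer (constructed example,
not the paper's code). Packets arrive at a fixed ingress rate and are written
into fixed-size blocks; the user-space reader frees completed blocks except
during a read stop window. A packet is dropped when no free block exists."""
from dataclasses import dataclass
import math

@dataclass
class RingConfig:
    n_blocks: int    # number of blocks in the ring (tuning parameter)
    block_size: int  # bytes per block (tuning parameter)
    packet_len: int  # bytes per packet; fixed in this model

def simulate(cfg, ingress_bps, n_packets, stall_start_us, stall_len_us):
    """Return (captured, dropped) for n_packets arriving at ingress_bps.
    Model assumptions: the reader drains every completed block instantly
    whenever it is not stalled, and time is tracked in integer microseconds."""
    interval_us = cfg.packet_len * 8 * 1_000_000 // ingress_bps
    per_block = cfg.block_size // cfg.packet_len
    pending = 0     # completed blocks not yet returned to the kernel
    fill = 0        # packets in the block currently being written
    captured = dropped = 0
    for i in range(n_packets):
        t = i * interval_us
        if not (stall_start_us <= t < stall_start_us + stall_len_us):
            pending = 0  # reader is running: completed blocks are freed
        if fill == 0 and pending >= cfg.n_blocks:
            dropped += 1  # ring is full: the kernel drops this packet
            continue
        captured += 1
        fill += 1
        if fill == per_block:   # block complete, hand it to the reader
            pending += 1
            fill = 0
    return captured, dropped

def tune_n_blocks(block_size, ingress_bps, stall_len_us):
    """Smallest ring (in blocks) that holds the bytes arriving during the
    longest expected read stop, plus one block because the block in progress
    at the start of the stop is only partially available."""
    bytes_during_stall = ingress_bps * stall_len_us / 8 / 1_000_000
    return math.ceil(bytes_during_stall / block_size) + 1

if __name__ == "__main__":
    rate, stall = 8_000_000, 30_000          # 8 Mbit/s ingress, 30 ms read stop
    n = tune_n_blocks(4000, rate, stall)     # 9 blocks of 4000 bytes
    for blocks in (n - 1, n):                # one block too few vs. tuned size
        cfg = RingConfig(blocks, 4000, 1000)
        print(blocks, simulate(cfg, rate, 100, 20_000, stall))
```

On a real capture the corresponding knob is the handle's buffer size (`pcap_set_buffer_size()`), and loss is observed through the `ps_drop` counter returned by `pcap_stats()`.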
Monitoring, Kernel, Packet loss, Throughput, Tuning, Cloud computing
S. Ishihara and T. Akiyama, "A Tuning Method of a Monitoring System for Network Forensics in Cloud Environment," 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, 2018, pp. 951-954.