• DocumentCode
    2136764
  • Title
    Towards an Estimation of the Accuracy of TCP Reassembly in Network Forensics
  • Author
    Wagener, Gérard ; Dulaunoy, Alexandre ; Engel, Thomas
  • Author_Institution
    Univ. of Luxembourg, Luxembourg
  • Volume
    2
  • fYear
    2008
  • fDate
    13-15 Dec. 2008
  • Firstpage
    273
  • Lastpage
    278
  • Abstract
    Today, honeypot operators rely strongly on network analysis tools to examine network traces collected in their honeynet environment. The accuracy of such analysis depends on the ability of the tools to properly reassemble streams, especially TCP sessions. Network forensics analysis quality is tied to those tools, and we evaluated widely used network analysis tools. We pinpoint TCP reassembly errors with their causes and propose algorithms and analytical techniques to measure them in order to improve network forensic analysis.
  • Keywords
    computer networks; telecommunication security; transport protocols; TCP reassembly; honeynet environment; honeypot; network analysis tool; network forensics; Algorithm design and analysis; Equations; Forensics; Intrusion detection; Monitoring; Network topology; Out of order; Proposals; Protocols; Software tools; flow; network forensic; network security; reassembly errors; tcp; tcp/ip
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Future Generation Communication and Networking, 2008. FGCN '08. Second International Conference on
  • Conference_Location
    Hainan Island
  • Print_ISBN
    978-0-7695-3431-2
  • Type
    conf
  • DOI
    10.1109/FGCN.2008.118
  • Filename
    4734221