Efficient data capturing for network forensics in cognitive radio networks

Network forensics is widely used in tracking down criminals and detecting network anomalies, and data capture is the basis of network forensics. Compared to traditional networks, data capture faces significant challenges in cognitive radio networks. In traditional wireless networks, one monitor is usually assigned to one channel to capture traffic, which incurs very high cost in a cognitive radio network because the latter typically has a large number of channels. Furthermore, due to the uncertainty of the primary user´s activity, cognitive radio devices change their operating channels randomly, which makes data capturing more difficult. In this paper, we propose a systematic method to capture data in cognitive radio networks with a small number of monitors. We utilize incremental support vector regression to predict packet arrival time and intelligently switch monitors between channels. In addition, a protocol is proposed to schedule multiple monitors to perform channel scan and packet capturing in an efficient manner. The real-world experiments and simulations show that our method is able to achieve the packet capture rate above 70% using a small number of monitors, which outperforms the random scheme by 200%-300%.