Přehled o publikaci
2021
GRANEF: Utilization of a Graph Database for Network Forensics
ČERMÁK, Milan and Denisa ŠRÁMKOVÁBasic information
Original name
GRANEF: Utilization of a Graph Database for Network Forensics
Authors
ČERMÁK, Milan and Denisa ŠRÁMKOVÁ
Edition
Portugal, Proceedings of the 18th International Conference on Security and Cryptography, p. 785-790, 6 pp. 2021
Publisher
SCITEPRESS
Other information
Language
English
Type of outcome
Proceedings paper
Country of publisher
Portugal
Confidentiality degree
is not subject to a state or trade secret
Publication form
electronic version available online
References:
Organization
Ústav výpočetní techniky – Repository – Repository
ISBN
978-989-758-524-1
ISSN
UT WoS
000720102500082
EID Scopus
2-s2.0-85111865192
Keywords in English
Network Forensics;Graph Database;Dgraph;Zeek;Association-based Analysis
Links
833418, interní kód Repo.
Changed: 29/4/2022 03:08, RNDr. Daniel Jakubík
Abstract
V originále
Understanding the information in captured network traffic, extracting the necessary data, and performing incident investigations are principal tasks of network forensics. The analysis of such data is typically performed by tools allowing manual browsing, filtering, and aggregation or tools based on statistical analyses and visualizations facilitating data comprehension. However, the human brain is used to perceiving the data in associations, which these tools can provide only in a limited form. We introduce a GRANEF toolkit that demonstrates a new approach to exploratory network data analysis based on associations stored in a graph database. In this article, we describe data transformation principles, utilization of a scalable graph database, and data analysis techniques. We then discuss and evaluate our proposed approach using a realistic dataset. Although we are at the beginning of our research, the current results show the great potential of association-based analysis.
