Hviz: HTTP(S) traffic aggregation and visualization for network forensics

Authors
Abstract


Similar resources

Hviz: HTTP(S) traffic aggregation and visualization for network forensics

HTTP and HTTPS traffic recorded at the perimeter of an organization is an exhaustive data source for the forensic investigation of security incidents. However, due to the nested nature of today's Web page structures, it is a huge manual effort to tell apart benign traffic caused by regular user browsing from malicious traffic that relates to malware or insider threats. We present Hviz, an inter...


Data Visualization for Social Network Forensics

With hundreds of millions of users worldwide, forensic data extraction from social networks has become an important research problem. However, forensic data collection is tightly connected to social network operators, which leads to problems related to data completeness and data compatibility. This paper discusses the important data sources and analytical methods for the forensic analysis of so...


HTTPS Vulnerability to Fine Grain Traffic Analysis

In this thesis, we apply the pattern recognition and data processing strengths of machine learning to accomplish traffic analysis objectives. Traffic analysis relies on the use of observable features of encrypted traffic in order to infer plaintext contents. We apply a clustering technique to HTTPS encrypted traffic on websites covering medical, legal and financial topics and achieve accuracy r...


Identification of Repeated DoS Attacks using Network Traffic Forensics

Once an attacker has compromised a set of machines, typically, he will repeatedly deploy the same set of machines to attack different targets. In this paper, we propose a method to identify repeated attack scenarios, that is, the combination of a particular set of hosts and attack tool, by making use of pattern recognition techniques. While previous methods have focused on intrusion detection u...



Journal

Journal title: Digital Investigation

Year: 2015

ISSN: 1742-2876

DOI: 10.1016/j.diin.2015.01.005