Network Forensic Investigation in OpenContrail Environments

Authors: Alexander Heckel, Daniel Spiekermann
Published in: Proceedings of the Third Central European Cybersecurity Conference, 2019-11-14
DOI: 10.1145/3360664.3360676 (https://doi.org/10.1145/3360664.3360676)

Abstract

The requirements of today's data center networks include scalability, multi-tenancy and isolation from the underlying infrastructure, which are primarily achieved through the use of network virtualization. As a downside, the overall complexity increases with the number of technologies involved, which has a significant impact upon network forensic investigation. In this context we investigated OpenContrail, an open source framework for network virtualization that provides built-in methods for collecting network traffic. In our research, we concluded that these methods work in principle, but are not suitable to capture network traffic that can be used in court. The packet mirroring turned out to be incomplete and the capture process can be detected by the virtual machine under investigation. Based on these findings, we developed a more flexible agent that especially ensures the transparency of the capture process for the suspicious virtual machine.