Enriching Network Security Analysis with Time Travel

  • Gregor Maier (TU Berlin), Anja Feldmann (TU Berlin), Fabian Schneider (TU Berlin)
  • Published 2008
In many situations it can be enormously helpful to archive the raw contents of a network traffic stream to disk, to enable later inspection of activity that becomes interesting only in retrospect. We present a Time Machine (TM) for network traffic that provides such a capability. The TM leverages the heavy-tailed nature of network flows to capture nearly all of the likely-interesting traffic while storing only a small fraction of the total volume. An initial proof-of-principle prototype…
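The abstract's claim that heavy-tailed flow sizes let a recorder keep "nearly all of the likely-interesting traffic while storing only a small fraction of the total volume" is easiest to see with a small simulation. The following Python is an added example, not code from the paper or the Time Machine project; it assumes a per-connection cutoff (each connection is archived only up to a fixed byte budget), which this page does not spell out, and the packet trace it uses is constructed, not measured data.

```python
from collections import defaultdict

PACKET_BYTES = 1_000  # constructed: every packet carries 1 KB of payload


def build_sample_packets():
    """Constructed trace of (connection id, payload bytes) in arrival order.

    95 'mouse' connections of 1-7 KB and 5 'elephant' connections of
    300 KB - 30 MB. The elephants are the heavy tail: 5% of the connections
    but roughly 99% of the bytes.
    """
    flows = {f"mouse-{i}": PACKET_BYTES * (i % 7 + 1) for i in range(95)}
    flows.update({
        "elephant-0": 300_000,
        "elephant-1": 1_500_000,
        "elephant-2": 6_000_000,
        "elephant-3": 15_000_000,
        "elephant-4": 30_000_000,
    })
    packets = []
    for conn_id, size in flows.items():
        packets.extend((conn_id, PACKET_BYTES) for _ in range(size // PACKET_BYTES))
    return packets


def record_with_cutoff(packets, cutoff):
    """Per-connection cutoff recorder (assumed mechanism, see lead-in).

    A packet is written to the archive only while its connection has fewer
    than `cutoff` bytes archived so far; later packets of that connection are
    dropped. Returns (archive, seen): archive maps a connection id to the list
    of stored packet lengths, seen maps it to the total bytes observed.
    """
    archive = defaultdict(list)
    seen = defaultdict(int)
    for conn_id, length in packets:
        if seen[conn_id] < cutoff:
            archive[conn_id].append(length)
        seen[conn_id] += length
    return dict(archive), dict(seen)


def summarize(archive, seen):
    """Storage cost versus coverage: how many connections survive intact."""
    total = sum(seen.values())
    stored = sum(sum(lengths) for lengths in archive.values())
    fully = sum(1 for c in seen if sum(archive.get(c, [])) == seen[c])
    return {
        "connections": len(seen),
        "total_bytes": total,
        "stored_bytes": stored,
        "stored_fraction": stored / total,
        "fully_captured": fully,
        "truncated": len(seen) - fully,
    }


def lookup(archive, conn_id):
    """Retrospective query: the packets kept for a connection that only
    became interesting after the fact (e.g. from a later alert)."""
    return archive.get(conn_id, [])


if __name__ == "__main__":
    pk = build_sample_packets()
    archive, seen = record_with_cutoff(pk, cutoff=10_000)
    for key, value in summarize(archive, seen).items():
        print(f"{key:>16}: {value}")
    print("elephant-4 bytes kept:", sum(lookup(archive, "elephant-4")))
```

With a 10 KB cutoff every mouse connection is archived in full (their headers, handshakes and application exchanges are all there for later inspection), while each elephant contributes only its first 10 KB; the archive holds under 1% of the total bytes yet 95 of the 100 connections completely. Tuning the cutoff is the central trade-off: raise it and more of each elephant is kept at a steep storage cost, lower it and the long-lived flows that attackers may hide in are cut short.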