Fast Packet Recovery – Technical Challenges and Solutions

Authors
  1. Vandenberghe, G.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
Abstract
Network security analysts review packets associated with network security events on a daily basis. The packet data being reviewed is collected using a distributed real-time data acquisition system. The volume of data collected is very large, making it challenging to store, summarize, access, and manage. This study demonstrates a new technique for storing packet data that uses a selectively recoverable compressed file format compatible with the GZIP compression algorithm. This means that compressed files can be readily exchanged and decompressed using standard tools, or selected sections of data can be recovered using a modified GZIP program. To summarize the content of the compressed files, an IP-based summarization tool is also demonstrated. This summarization tool is faster and generates more compact data files than commonly used flow-based traffic summarization tools. Finally, to simplify data collection for the distributed packet logging system, a centralized user interface is demonstrated that can find and recover the packets requested by the analyst.

A French summary is available here.

Report Number
DRDC-OTTAWA-TM-2008-209 — Technical Memorandum
Date of publication
01 Oct 2008
Number of Pages
64
DSTKIM No
CA031491
CANDIS No
530397
Format(s):
CD ROM
