Network Forensics Analysis Using Piecewise Polynomials
The information transferred over computer networks is vulnerable to attackers. Network forensics deals with the capture, recording, and analysis of network events to determine the source of security attacks and other network-related problems. Electronic devices send communications across networks by sending network data in the form of packets. Networks are typically represented using discrete statistical models. Discrete statistical models are computationally expensive and utilize a significant amount of memory. A continuous piecewise polynomial model is proposed to address the shortcomings of discrete models and to further aid forensic investigators. Piecewise polynomial approximations are beneficial because sophisticated statistics are easier to perform on smooth continuous data, rather than on unpredictable discrete data. Polynomials, moreover, utilize roughly six times less memory than a collection of individual data points, making this approach storage-friendly. A variety of networks have been modeled, and it is possible to distinguish network traffic using a piecewise polynomial approach. These preliminary results show that representing network traffic as piecewise polynomials can be applied to the area of network forensics for the purpose of intrusion analysis. This type of analysis will consist of not only identifying an attack, but also discovering details about the attacks and other suspicious network activity by comparing and distinguishing archived piecewise polynomials.
- The Tower
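The following sketch illustrates the idea in the abstract: a packets-per-second series is stored as piecewise polynomial coefficients, and an archived profile is compared against new traffic. It is an added example, not the authors' code; the 24-sample segments, cubic degree, RMS curve distance and all function names are assumptions (the abstract does not specify them), and the traffic series are constructed. With these assumed values, 4 coefficients replace 24 samples.

```python
import math

def fit_poly(ys, degree):
    """Least-squares coefficients c0..cd for ys sampled at x = i/len(ys)."""
    n, m = len(ys), degree + 1
    xs = [i / n for i in range(n)]
    # Normal equations (A^T A) c = A^T y with A[i][j] = xs[i] ** j
    a = [[sum(x ** (r + c) for x in xs) for c in range(m)] for r in range(m)]
    b = [sum(y * x ** r for x, y in zip(xs, ys)) for r in range(m)]
    for col in range(m):  # Gaussian elimination with partial pivoting
        piv = max(range(col, m), key=lambda r: abs(a[r][col]))
        a[col], a[piv], b[col], b[piv] = a[piv], a[col], b[piv], b[col]
        for r in range(col + 1, m):
            f = a[r][col] / a[col][col]
            a[r] = [v - f * p for v, p in zip(a[r], a[col])]
            b[r] -= f * b[col]
    coef = [0.0] * m
    for r in reversed(range(m)):  # back substitution
        coef[r] = (b[r] - sum(a[r][c] * coef[c] for c in range(r + 1, m))) / a[r][r]
    return coef

def piecewise_fit(series, seg_len=24, degree=3):
    """One polynomial per full segment; a trailing partial segment is dropped."""
    return [fit_poly(series[i:i + seg_len], degree)
            for i in range(0, len(series) - seg_len + 1, seg_len)]

def evaluate(model, i, seg_len=24):
    """Reconstruct the value at original sample index i from the stored model."""
    x = (i % seg_len) / seg_len
    return sum(c * x ** k for k, c in enumerate(model[i // seg_len]))

def curve_distance(m1, m2, seg_len=24):
    """RMS gap between two models at the original sample positions."""
    n = min(len(m1), len(m2)) * seg_len
    return math.sqrt(sum((evaluate(m1, i, seg_len) - evaluate(m2, i, seg_len)) ** 2
                         for i in range(n)) / n)

def sample_traffic(n=240, burst=False, jitter=0.0):
    """Constructed packets-per-second series, not real capture data."""
    return [200 + 80 * math.sin(2 * math.pi * t / 120) + jitter * math.sin(1.7 * t)
            + (900 if burst and 100 <= t < 140 else 0) for t in range(n)]

ARCHIVED = piecewise_fit(sample_traffic())            # stored baseline profile
SIMILAR = piecewise_fit(sample_traffic(jitter=15))    # same traffic, small jitter
BURST = piecewise_fit(sample_traffic(burst=True))     # sustained high-rate burst

if __name__ == "__main__":
    print("samples per coefficient:", 240 / sum(len(c) for c in ARCHIVED))
    print("distance to similar:", round(curve_distance(ARCHIVED, SIMILAR), 1))
    print("distance to burst:", round(curve_distance(ARCHIVED, BURST), 1))
```

The distance threshold that separates ordinary variation from suspicious activity would have to be calibrated on real archived traffic; none is implied here.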