Security Monitoring for Wireless Network Forensics
ABSTRACT
With the broad deployment of WiFi networks nowadays, it is easy for malicious network users to camouflage their true identities through randomly hopping onto open wireless networks, conduct an attack and leave without being caught. Most of the current infrastructures of wireless networks do not keep logs of network activities by default, which makes it hard to obtain important network traces that may facilitate future forensics investigations for a suspicious network event. In this work, we outline a Security Monitoring System for Wireless Network Forensics (SMoWF), which aims to establish a forensic database based on (encrypted or hashed) wireless trace digests, and to answer the critical investigation questions: which wireless device appeared at where during what time? We propose to accomplish our goal through three steps: 1. Design a network trace logging method that records the abstract of useful fields of network packets. Here only abstracts of packets are kept due to privacy protection concerns. 2. Design a query/search system that allows users to conduct forensic analysis based on gathered traces; 3. Study and integrate localization algorithms into SMoWF, which can provide the location estimation of a given device when such information is needed.
Award ID: 0904901
Submitted by Katie Dey
on
ABSTRACT
With the broad deployment of WiFi networks nowadays, it is easy for malicious network users to camouflage their true identities through randomly hopping onto open wireless networks, conduct an attack and leave without being caught. Most of the current infrastructures of wireless networks do not keep logs of network activities by default, which makes it hard to obtain important network traces that may facilitate future forensics investigations for a suspicious network event. In this work, we outline a Security Monitoring System for Wireless Network Forensics (SMoWF), which aims to establish a forensic database based on (encrypted or hashed) wireless trace digests, and to answer the critical investigation questions: which wireless device appeared at where during what time? We propose to accomplish our goal through three steps: 1. Design a network trace logging method that records the abstract of useful fields of network packets. Here only abstracts of packets are kept due to privacy protection concerns. 2. Design a query/search system that allows users to conduct forensic analysis based on gathered traces; 3. Study and integrate localization algorithms into SMoWF, which can provide the location estimation of a given device when such information is needed.
Award ID: 0904901