Biblio
Profiling of secure chat and calling apps from encrypted traffic. 2018 15th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :502–508. 2018.

Increased use of secure chat and voice/video apps has transformed social life. While the benefits and facilitations are seemingly limitless, so are the associated vulnerabilities and threats. Besides meeting the confidentiality requirements of ordinary users, the known fact that the contents are non-readable over the network makes these apps more attractive to criminals. Though access to the contents of cryptographically secure sessions is not possible, network forensics of secure apps can provide interesting information which can be of great help during criminal investigations. In this paper, we present a novel framework for profiling secure chat and voice/video calling apps, which can be employed to extract hidden patterns about the app, information on the involved parties, chatting activities, voice/video calls, status indications and notifications, while having no information about the app's communication protocol or its security architecture. Signatures of any secure app can be developed through our framework and can become the base of a large-scale solution. Our methodology is considered very important for different cases of criminal investigations and business intelligence solutions for service provider networks. Our results are applicable to any mobile platform: iOS, Android and Windows.
Towards Distributed Threat Intelligence in Real-Time. Proceedings of the SIGCOMM Posters and Demos. :76–78. 2017.

In this demo, we address the problem of detecting anomalies on the Internet backbone in near real-time. Many of today's incidents may only become visible from inspecting multiple data sources and by considering multiple vantage points simultaneously. We present a setup based on the distributed forensic platform VAST that was extended to import various data streams from passive measurements and incident reporting at multiple locations, and to perform an effective correlation analysis shortly after the data becomes exposed to our queries.