This paper presents Horizon Extender, a system for long-term preservation of data leakage evidence in enterprise networks. In contrast to classical network intrusion detection systems, which keep packet records only of suspicious traffic (black-listing), Horizon Extender reduces the total size of captured network traces by filtering out all records that do not reveal potential evidence about leaked data (white-listing). Horizon Extender has been designed to exploit the inherent redundancy of general Web traffic and its adherence to protocol specifications. We show in a real-life network including more than 1000 active hosts that Horizon Extender is able to reduce the total HTTP volume by 99.8%, or the outgoing volume by 90.9% to 93.9%, while preserving sufficient evidence to retrospectively recover the time, endpoint identity, and content of information leaked over the HTTP communication channel.