An official website of the United States government, Department of Justice.

Large Scale Network Forensics

Award Information

Award #: 2008-DD-BX-0457
Location
Congressional District
Status: Closed
Funding First Awarded: 2008
Total funding (to date): $357,739
Original Solicitation

Description of original award (Fiscal Year 2008, $357,739)

The Edward Byrne Memorial Discretionary Grants Program (Byrne Discretionary Program) helps local communities improve the capacity of local justice systems and provides for national support efforts. This project is authorized and funded through a line item in the FY 08 Congressional Budget. Funds should be used for purposes recommended by Congress.

The Polytechnic University will develop techniques to monitor computer networks for malicious attacks through analysis of network traffic data, design, and testing. They will develop techniques to monitor large networks for forensics and detection of stealthy attacks. Over the past three years, researchers at Polytechnic University have developed a distributed network forensics system called ForNet. ForNet collects and summarizes network traffic, which is then made available for analysis. Based on their ForNet work, they will create a distributed platform for large-scale network monitoring, detection, and response. Specific project activity will include characterizing stealthy attacks and, from those characterizations, identifying the data to be collected and how it needs to be synopsized and processed to facilitate detection. Using ForNet, they will build and test the prototype detection mechanisms on known stealthy attacks and on custom-crafted attacks. The Polytechnic University will report the results of the study and the analysis methodology in technical reports, which will be submitted to major conferences, workshops, and journals for review and feedback from the scientific community and shared with local and federal law enforcement agencies.

NCA/NCF

Date Created: September 8, 2008