Traceback: A Forensic Tool for Distributed Systems

Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 44)

Abstract

In spite of stringent security measures on the components of a distributed system and well-defined communication procedures between the nodes of the system, an exploit may be found that compromises a node, and may be propagated to other nodes. This paper describes an incident-response method to analyse an attack. The analysis is required to patch the vulnerabilities and may be helpful in finding and removing backdoors installed by the attacker. This analysis is done by logging all relevant information of each node in the system at regular intervals at a centralised store. The logs are compressed and sent in order to reduce network traffic and use lesser storage space. The state of the system is also stored at regular intervals. This information is presented by a replay tool in a lucid, comprehensible manner using a timeline. The timeline shows the saved system states (of each node in the distributed system) as something similar to checkpoints. The events and actions stored in the logs act on these states and this shows a replay of the events to the analyser. A time interval during which an attack that took place is suspected to have occurred can be analysed thoroughly using this tool.

Keywords

Forensics Incident response Distributed system 

References

  1. 1.
    Balakrishnan, R., Sahoo, R.K.: Lossless compression for large scale cluster logs. In: 20th International Parallel and Distributed Processing Symposium (IPDPS 2006), IEEE (2006)Google Scholar
  2. 2.
    Skibiski, P., Swacha, J.: Fast and efficient log file compression. In: CEUR Workshop Proceedings of 11th East-European Conference on Advances in Databases and Information Systems (ADBIS 2007) (2007)Google Scholar
  3. 3.
    Ren, W., Jin, H.: Distributed agent-based real time network intrusion forensics system architecture design. In: 19th International Conference on Advanced Information Networking and Applications (AINA 2005), vol. 1, IEEE (2005)Google Scholar
  4. 4.
    Hunt, R., Slay, J.: Achieving critical infrastructure protection through the interaction of computer security and network forensics. In: 2010 Eighth Annual International Conference on Privacy Security and Trust (PST), IEEE (2010)Google Scholar
  5. 5.
    Capuzzi, G., Spalazzi, L., Pagliarecci, F.: IRSS: Incident response support system. In: International Symposium on Collaborative Technologies and Systems (CTS 2006), IEEE (2006)Google Scholar
  6. 6.
    Benchmarks for popular compression algorithms. http://www.maximumcompression.com/data/log.php
  7. 7.
    MongoDB Official Documentation. http://www.mongodb.org/
  8. 8.

Copyright information

© Springer India 2016

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringNational Institute of Technology KarnatakaSurathkal, MangaloreIndia

Personalised recommendations