VAST: A Unified Platform for Interactive Network Forensics
| Field | Value |
|---|---|
| Title | VAST: A Unified Platform for Interactive Network Forensics |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Vallentin, M., Paxson V., & Sommer R. |
| Published in | Proceedings of USENIX Symposium on Networked Systems Design and Implementation |
| Date Published | 03/2016 |
| Abstract | Network forensics and incident response play a vital role in site operations, but for large networks can pose daunting difficulties to cope with the ever-growing volume of activity and resulting logs. On the one hand, logging sources can generate tens of thousands of events per second, which a system supporting comprehensive forensics must somehow continually ingest. On the other hand, operators greatly benefit from interactive exploration of disparate types of activity when analyzing an incident. In this paper, we present the design, implementation, and evaluation of VAST (Visibility Across Space and Time), a distributed platform for high-performance network forensics and incident response that provides both continuous ingestion of voluminous event streams and interactive query performance. VAST leverages a native implementation of the actor model to scale both intra-machine across available CPU cores, and inter-machine over a cluster of commodity systems. |
| URL | http://www.icir.org/vern/papers/vast-nsdi16.pdf |
| ICSI Research Group | Networking and Security |