[liberationtech] Scalable Network Forensics

Yosem Companys companys at stanford.edu
Sun Apr 24 10:46:06 PDT 2016


From: Matthias Vallentin <vallentin at cs.berkeley.edu>

Title:      Scalable Network Forensics
Speaker:    Matthias Vallentin
Advisor:    Prof. Vern Paxson
Date/Time:  Thursday, April 28, 3:30 - 4:30 p.m.
Location:   373 Soda Hall, UC Berkeley

Network forensics and incident response play a vital role in site
operations, but for large networks can pose daunting difficulties to
cope with the ever-growing volume of activity and resulting logs. On the
one hand, logging sources can generate tens of thousands of events per
second, which a system supporting comprehensive forensics must somehow
continually ingest. On the other hand, operators greatly benefit from
interactive exploration of disparate types of activity when analyzing an
incident.

In this talk, I present the design, implementation, and evaluation of
VAST (Visibility Across Space and Time), a distributed platform for
high-performance network forensics and incident response that provides
continuous ingestion of voluminous event streams and interactive query
performance. VAST leverages a native implementation of the actor model
to scale both intra-machine across available CPU cores, and
inter-machine over a cluster of commodity systems.