City University of Hong Kong
DSpace
 


Please use this identifier to cite or link to this item: http://hdl.handle.net/2031/413

Title: BALL: designing and implementing network black box
Authors: Li, Anthony Yat Wan
Department: Department of Computer Science
Issue Date: 2005
Supervisor: Prof. Jia Xiaohua. First Reader: Dr. Wan Pengjun. Second Reader: Miss Mong Florence
Abstract: When it comes to network security, firewalls must be mentioned. However, firewalls have failed to block attacks at the application layer, because they permit vulnerable protocols such as HTTP and FTP to pass. New technologies such as intrusion detection systems (IDS) and intrusion prevention systems (IPS) have brought a new problem of accuracy. While the former generate tons of confusing alerts with false positives mixed in and no trace of false negatives, the latter even block innocent traffic and cause losses through service outages. On the other hand, attacks have become more sophisticated: hackers are targeting applications. And the new explosion of zero-day attacks, which occur on the day the corresponding vulnerability is announced, has urged security professionals to redefine the conventional mechanisms of information security. For those reasons, network forensics analysis has been applied since computer networks were born. It aimed to collect evidence for counts after an incident, and it has evolved further to gather evidence before, during and after an incident. This project focused on the current technologies in network security and network forensics in order to design an innovative system model for both areas, based on the idea of a ‘Black Box’ and called ‘BALL: the Network Black Box’. To address practical issues such as growing network speed and limited storage space, ‘Packet Dispatching’, which evolved from traditional packet filtering, was proposed: a packet is dispatched into different storage queues with different limits according to different sets of filters, which together form different capture rules. Finally, two versions of the model, ballCLI and ballGUI, were implemented and tested for verification.
Appears in Collections: Computer Science - Undergraduate Final Year Projects

Files in This Item:

File: fulltext.html
Size: 164 B
Format: HTML

Items in CityU IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 
