Document Type
Dissertation
Major/Program
Accounting
First Advisor's Name
Niki Pissinou
First Advisor's Committee Title
Committee Chair
Second Advisor's Name
Hao Zhu
Second Advisor's Committee Title
Committee Member
Third Advisor's Name
Kang K. Yen
Third Advisor's Committee Title
Committee Member
Fourth Advisor's Name
Kia Makki
Fourth Advisor's Committee Title
Committee Member
Fifth Advisor's Name
Ronald Giachetti
Fifth Advisor's Committee Title
Committee Member
Keywords
network security, network forensics, peer to peer, mobile ad hoc network
Date of Defense
3-26-2008
Abstract
The Internet has become an integral part of our nation's critical socio-economic infrastructure. With its heightened use and growing complexity, however, organizations are at greater risk of cyber crimes. To aid in the investigation of crimes committed on or via the Internet, a network forensics analysis tool pulls together needed digital evidence. It provides a platform for performing deep network analysis by capturing, recording and analyzing network events to find out the source of a security attack or other information security incidents. Existing network forensics work has been mostly focused on the Internet and fixed networks. But the exponential growth and use of wireless technologies, coupled with their unprecedented characteristics, necessitate the development of new network forensic analysis tools. This dissertation fostered the emergence of a new research field in cellular and ad-hoc network forensics. It was one of the first works to identify this problem and offer fundamental techniques and tools that laid the groundwork for future research. In particular, it introduced novel methods to record network incidents and report logged incidents. For recording incidents, location is considered essential to documenting network incidents. However, in network topology spaces, location cannot be measured due to the absence of a 'distance metric'. Therefore, a novel solution was proposed to label locations of nodes within network topology spaces, and then to authenticate the identity of nodes in ad hoc environments. For reporting logged incidents, a novel technique based on Distributed Hash Tables (DHT) was adopted. Although the direct use of DHTs for reporting logged incidents would result in uncontrollably recursive traffic, a new mechanism was introduced that overcame this recursive process. These logging and reporting techniques aided forensics over cellular and ad-hoc networks, which in turn increased their ability to track and trace attacks to their source.
These techniques were a starting point for further research and development that would result in equipping future ad hoc networks with forensic components to complement existing security mechanisms.
Identifier
FI08081554
Recommended Citation
Zhao, Xiwei, "Foundational Forensic Techniques for Cellular and Ad Hoc Multi-hop Networks" (2008). FIU Electronic Theses and Dissertations. 23.
https://digitalcommons.fiu.edu/etd/23
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).