Skip to Main content Skip to Navigation
Journal articles

A visual analytics approach for the cyber forensics based on different views of the network traffic

Abstract : Network forensics is based on the analysis of network traffic. Traffic analysis is a routine procedure, but it allows one to not only identify the cause of the security breach, but also step by step to recreate the whole picture of what happened. To analyze the traffic, investigators usually use Wireshark, a software that has the graphical interface and has greater capabilities for sorting and filtering packets. But even with it, packet analysis takes a lot of time. In this paper, we propose an approach for cyber forensics based on different views on the network traffic. Using this approach, it is possible to signifi- cantly improve the efficiency of forensic scientists, including the rapid localization of anomalies and, importantly, the creation of easily understandable graphical proofs and histories of computer attacks. The example of the investigation of the attack SSL-strip is a way to classify different views (slices) of traffic and a scheme for using for these slices different models of visualization. Also provides an assessment and recommendations for the application of visual analytics methods.
Document type :
Journal articles
Complete list of metadata
Contributor : Françoise Grélaud <>
Submitted on : Thursday, October 29, 2020 - 10:57:56 AM
Last modification on : Thursday, March 18, 2021 - 2:34:42 PM



Igor Kotenko, Maksim Kalameyets, Andrey Chechulin, Yannick Chevalier. A visual analytics approach for the cyber forensics based on different views of the network traffic. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, Innovative Information Science & Technology Research Group (ISYOU), 2018, 9 (2), pp.57--73. ⟨10.22667/JOWUA.2018.06.30.057⟩. ⟨hal-02982976⟩



Record views