A network forensics tool for precise data packet capture and replay in cyber-physical systems

Parry, Jack, Hunter, Daniel, Radke, Kenneth, & Fidge, Colin J. (2016) A network forensics tool for precise data packet capture and replay in cyber-physical systems. In Australasian Computer Science Week Multiconference (ACSC2016), 2-5 February 2016, Canberra, A.C.T.


Network data packet capture and replay capabilities are basic requirements for forensic analysis of faults and security-related anomalies, as well as for testing and development. Cyber-physical networks, in which data packets are used to monitor and control physical devices, must operate within strict timing constraints in order to match the hardware devices' characteristics. Standard network monitoring tools are unsuitable for such systems because they cannot guarantee to capture all data packets, may introduce their own traffic into the network, and cannot reliably reproduce the original timing of data packets. Here we present a high-speed network forensics tool specifically designed for capturing and replaying data traffic in Supervisory Control and Data Acquisition systems. Unlike general-purpose "packet capture" tools, it does not affect the observed network's data traffic and guarantees that the original packet ordering is preserved. Most importantly, it allows replay of network traffic precisely matching its original timing. The tool was implemented by developing novel user interface and back-end software for a special-purpose network interface card. Experimental results show a clear improvement in data capture and replay capabilities over standard network monitoring methods and general-purpose forensics solutions.

ID Code: 93110
Item Type: Conference Paper
Refereed: Yes
Keywords: Network forensics, packet capture and replay, cyber-physical systems, control system security
DOI: 10.1145/2843043.2843047
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Copyright Owner: Copyright 2016 ACM
Deposited On: 22 Feb 2016 02:52
Last Modified: 26 Feb 2016 04:30