Given the increasing importance of auditing systems and the inability of present auditing systems to perform packet reassembly analysis, this research attempts to develop a “network-based auditing system with session tracking and monitoring” that helps network administrators analyze packets and rearrange them into separate session groups. The system is able to reveal every single step of an unauthorized activity. As a result, administrators can investigate each network session and the data it transferred more efficiently, which greatly reduces the time needed to analyze audit data. In addition, event reconstruction simulates the event as it actually occurred at the time; this gives network administrators a more detailed and realistic view of the network security vulnerabilities that need to be fixed. The system also keeps track of all network events and collects the related information in a set of auditing files (log files). Moreover, the collected records and reassembled files can serve as evidence in tracing cyber-crimes and as references for the recovery process.