
Design And Implementation Of Data Acquisition In Network Forensics System Based On Multi Agent

Posted on: 2015-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Song
Full Text: PDF
GTID: 2268330425996514
Subject: Computer technology
Abstract/Summary:
The coming of the information age has brought great convenience to people’s lives. At the same time, network crimes of all kinds are increasingly rampant and cause great damage to people’s lives. The Norton 2013 survey report shows that, worldwide, the per capita loss from network crime rose from $197 last year to $298. Combating network crime is therefore imperative. A basis for preventing and fighting network crime is the effective acquisition of the network data that endangers network security, so network data acquisition has become the major work in combating network crime. However, network data differs from traditional data. Its dynamic and massive nature determines the particularity of the acquisition process, so traditional data acquisition systems cannot meet the needs of network data collection. In addition, the novelty of cyber-crime has increased the difficulty. Developing a network forensics data acquisition system against network crime is therefore imperative. Based on this, this paper mainly carries out work in the following aspects:

(1) On the basis of reading a large body of literature on network forensics and of study visits to the public security system, we set a clear goal for the system and give the system requirements analysis. From this we determine the five main types of data the system collects: static basic network information; dynamic network packets; firewall logs; browser information; and information about memory, keyboard and mouse usage obtained through real-time monitoring.

(2) This paper constructs a multi-agent-based system model for network forensics data acquisition. The model uses multi-agent technology to capture network packets in a distributed manner by way of proxy, with division of labor and allocation of agents and with communication and cooperation among agents. This solves the bottleneck problem in acquiring dynamic, massive network data and improves the efficiency of network data collection.

(3) We define a three-layer technical architecture for the system and give a detailed design of each module and its sub-modules. For the convenience of users, we also design an integrated query function. Finally, we design the system database and its data tables.

(4) The system uses VS2010 as the development environment, C# as the programming language under .NET Framework 4, and SQL Server 2008 as the system database to implement each function of the system. Finally, we collect the data related to network forensics, which provides a rich data source for subsequent forensic analysis, and the application effect is good.
Keywords/Search Tags: Network Forensics, Data Acquisition, Multi Agent, Network Packets