Database Reference
In-Depth Information
Daily Counts of STATE==1 && DP==5554
986540
0
247
557497
290
986540
(a)
Hourly Counts of STATE==1 and DP==5554
210676
0
1094360704
210676
1094965504
110358
(b)
Figure 9.14
(See color insert following page 224.) (a) Histogram of suspi-
cious activity levels over a one-year period at one-day temporal resolution.
(b) Suspicious activity levels over a four week period at one-hour temporal
resolution. (c) Suspicious activity levels over a one-day period at one-hour
temporal resolution. Forensic network trac analysis is conducted by exam-
ining histograms of suspicious trac activity at varying temporal resolution.
These examples go from coarse, per-day resolution over a one-year time win-
dow down to per-minute resolution over a five-day window and show a regular
pattern of systematic network attacks that occur with temporal regularity.
the study show that forensic investigation of such massive datasets can be
conducted in an interactive fashion. Previous approaches would require hours
or days to conduct a similar investigation. The significance of this work is that
it shows the potential of coupling state-of-the-art scientific data management
