Read the book Security Issues and Privacy Concerns in Industry 4.0 Applications - Group of authors - Page 42

2.3.2 NetworkMiner Analysis Tool

NetworkMiner is an open-source network forensics analysis tool that aims to collect data on malicious attacks or threats over the cloud, which helps in the forensics investigation. In the implementation phase, the cloud user directs the data collection and separation (filtration) layer, where it can start, stop, or reset cloud VMs that are running as a forensics service.

The layers collaborate to perform both tasks, that is, the VMM task and the network forensics task. NetworkMiner receives the collected data from OpenNebula and then runs the accumulator and analysis forensics process layer as a cloud-based service to aggregate and analyze the captured data provided. The documentation layer performs visualization of the analysis output. Our modified version has additional forensics components (shown in Figure 2.3) that ensure safe machine communication and also help further investigation.

Figure 2.3 NetworkMiner analysis tool cloud-based forensics services.

The actual cloud environment provided by OpenNebula and NetworkMiner is as follows:

• The first is start data collection, the trigger that starts the forensics process on the cloud network;

• Next is stop data collection, the trigger that stops the network forensics process;

• The virtual machine identity (VM-ID), used by OpenNebula to set the action parameter of an individual virtual machine;

• OpenNebula translates the VM-ID into a MAC network address;

• Filtering by MAC address;

• Capturing the PCAP file (packet capture file) used to handle network traffic;

• An additional network forensics component, the NetworkMiner analysis tool, manages the analysis of all VMs (VMM); its main task is to collect, separate, accumulate, and analyze data for proper communication;

• The control manager triggers the overall system action.
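The VM-ID to MAC translation and MAC filtering steps listed above can be illustrated with a short sketch that pulls one VM's frames out of a classic PCAP capture. This is an added example, not code from the book, OpenNebula or NetworkMiner; the `VM_MACS` table, the MAC addresses, the function names and the sample capture are all constructed assumptions.

```python
import io
import struct

# Constructed VM-ID -> MAC table standing in for the OpenNebula lookup (assumption).
VM_MACS = {42: "02:00:c0:a8:00:0a", 43: "02:00:c0:a8:00:0b"}

def mac_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))

def eth_frame(dst, src, payload=b"\x00" * 46):
    # Minimal Ethernet II frame with an IPv4 EtherType, for the sample capture.
    return mac_bytes(dst) + mac_bytes(src) + b"\x08\x00" + payload

def build_pcap(frames):
    # Classic little-endian pcap: 24-byte global header, then 16-byte record headers.
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, frame in enumerate(frames, start=1):
        out.write(struct.pack("<IIII", ts, 0, len(frame), len(frame)))
        out.write(frame)
    return out.getvalue()

def filter_pcap_by_vm(pcap, vm_id):
    """Return (timestamp, frame) for frames sent or received by the VM's MAC."""
    mac = mac_bytes(VM_MACS[vm_id])
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, offset = [], 24
    while offset + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record: stop instead of misparsing
        offset += 16 + incl_len
        # Destination MAC is bytes 0-5, source MAC is bytes 6-11.
        if len(frame) >= 14 and mac in (frame[0:6], frame[6:12]):
            hits.append((ts_sec, frame))
    return hits

SAMPLE = build_pcap([
    eth_frame(VM_MACS[43], VM_MACS[42]),          # VM 42 -> VM 43
    eth_frame("ff:ff:ff:ff:ff:ff", VM_MACS[43]),  # VM 43 broadcast
    eth_frame(VM_MACS[42], "02:00:c0:a8:00:01"),  # other host -> VM 42
])
```

Matching on both source and destination MAC keeps inbound and outbound frames for the selected VM, so the per-VM evidence set is separated from other tenants' traffic before analysis.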

In the next section, we calculate the performance matrix of OpenNebula and NetworkMiner, and also compare both the accuracy and efficiency of the tools with other well-known network forensics tools.
