VAST: A Unified Platform for Interactive Network Forensics

Authors: 

Matthias Vallentin, University of California, Berkeley; Vern Paxson, University of California, Berkeley, and International Computer Science Institute; Robin Sommer, International Computer Science Institute and Lawrence Berkeley National Laboratory

Abstract: 

Network forensics and incident response play a vital role in site operations, but for large networks can pose daunting difficulties to cope with the ever-growing volume of activity and resulting logs. On the one hand, logging sources can generate tens of thousands of events per second, which a system supporting comprehensive forensics must somehow continually ingest. On the other hand, operators greatly benefit from interactive exploration of disparate types of activity when analyzing an incident.

In this paper, we present the design, implementation, and evaluation of VAST (Visibility Across Space and Time), a distributed platform for high-performance network forensics and incident response that provides both continuous ingestion of voluminous event streams and interactive query performance. VAST leverages a native implementation of the actor model to scale both intra-machine across available CPU cores, and inter-machine over a cluster of commodity systems.

BibTeX
@inproceedings {194944,
author = {Matthias Vallentin and Vern Paxson and Robin Sommer},
title = {{VAST}: A Unified Platform for Interactive Network Forensics},
booktitle = {13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)},
year = {2016},
isbn = {978-1-931971-29-4},
address = {Santa Clara, CA},
pages = {345--362},
url = {https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/vallentin},
publisher = {USENIX Association},
month = mar,
}