Virtual flow-net for accountability and forensics of computer and network systems



Information/secret leaking cannot always be recorded in digital log files. In other words, in log files, not all information/events are recorded, and it is thus impossible to trace the paths of secret leaking on the basis of log files alone. In this paper, to resolve the difficulty of the lack of information, we utilize user–relationship graphs, or social networks, to compensate for the required information. We also utilize a probabilistic analysis to build virtual links to follow information flows. User–relationship graphs are constructed from several flow-net data structures over a longer period so that we can avoid missing embedded threats such as hostile codes. We call this approach virtual flow-net. Copyright © 2011 John Wiley & Sons, Ltd.