Identity Linking in Computer Networks

Libor Polčák, Ondřej Ryšavý, Petr Matoušek


Lawful interception, network forensics, and security incident investigations require cross-layer linking of identification information to link different activities of a particular person. This paper presents a model called graphs of identifiers that allows cross-layer linking of identifiers detected by various methods. Graphs of identifiers provide operations that link identifiers according to the constraints provided in the queries. The goal is to employ the linking during early stages of the network forensic investigations when an investigator searches for leads. The tools that implement the proposed model are publicly available.


Paper Citation