The Design and Implementation of A Network Provenance System Framework

Network forensic analysis and fault diagnosis are becoming increasingly important in network management and network security. Both require that the network management system be able to query network metadata, i.e. that it provide network provenance functionality. For instance, network provenance can be used to track the path a dataflow took through the network and so identify the source of a message. This paper presents the design and implementation of a network provenance system (NPS) framework that supports the full range of functionality needed to enable forensics in distributed systems. We adopt the declarative networking approach proposed in the networking domain to maintain and query distributed network provenance: each node records the provenance of the tuples it derives, and provenance is fetched across nodes only when a query asks for it. The framework prototype is developed on RapidNet, a declarative networking platform built on the ns-3 network simulator. Experiments conducted on simulated networks indicate that the system can support provenance maintenance and querying in a large-scale distributed network and significantly reduces bandwidth cost compared to the traditional approach of shipping provenance along with the data.
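The two points the abstract makes, tracing a received tuple back to its sources across nodes and the bandwidth saving from keeping provenance at the deriving node, can be illustrated with a small model. The following is an added example, not code from the paper or from RapidNet: it evaluates the textbook recursive path program (rules r1 and r2 in the docstring) over a constructed chain topology, records at each node the rule and parent tuples behind every derived tuple, and compares two cost models that are assumptions of this example, one tuple unit per tuple on the wire plus one unit for a provenance reference, against shipping the whole derivation tree with every message.

```python
"""Toy model of distributed network provenance in the declarative-networking
style: each node keeps the provenance of the tuples it derives, and a forensic
query walks the derivation graph across nodes on demand.

Constructed illustration, not the paper's RapidNet/ns-3 implementation.
The rules modelled are the classic recursive path program:
    r1: path(@S, D) :- link(@S, D)
    r2: path(@S, D) :- link(@S, Z), path(@Z, D)
"""
from collections import namedtuple

# A tuple is identified by predicate, arguments and the node holding it (@node).
Tup = namedtuple("Tup", "pred args node")
# Provenance of a derived tuple: the rule that fired and its parent tuples,
# which may live at other nodes.
Prov = namedtuple("Prov", "rule parents")

REF_UNITS = 1  # assumed cost of shipping a provenance pointer instead of a subtree


def run_path_program(links):
    """Derive all path tuples and record provenance at the deriving node.

    Returns (tables, lazy_cost, eager_cost): per-node provenance tables, the
    bandwidth (in tuple units) of sending each path tuple plus a reference to
    its provenance, and the bandwidth of the traditional approach that ships
    the full derivation tree with every message.
    """
    tables = {}       # node -> {Tup: Prov, or None for base facts}
    tree_size = {}    # Tup -> number of tuples in its full derivation tree
    preds = {}        # node -> nodes that have a link into it
    for s, d in links:
        link = Tup("link", (s, d), s)
        tables.setdefault(s, {})[link] = None
        tables.setdefault(d, {})
        tree_size[link] = 1
        preds.setdefault(d, []).append(s)
    work = []
    for s, d in links:                      # r1 fires locally at the link's node
        link, path = Tup("link", (s, d), s), Tup("path", (s, d), s)
        tables[s][path] = Prov("r1", (link,))
        tree_size[path] = 1 + tree_size[link]
        work.append(path)
    lazy = eager = 0
    while work:                             # r2: node Z ships path(@Z, D) to S
        pz = work.pop()
        z, d = pz.args
        for s in preds.get(z, []):
            lazy += 1 + REF_UNITS           # tuple plus pointer to provenance at Z
            eager += tree_size[pz]          # tuple plus its whole derivation tree
            link, ps = Tup("link", (s, z), s), Tup("path", (s, d), s)
            if ps in tables[s]:
                continue                    # already derived another way
            tables[s][ps] = Prov("r2", (link, pz))
            tree_size[ps] = 1 + tree_size[link] + tree_size[pz]
            work.append(ps)
    return tables, lazy, eager


def trace(tables, tup, querier):
    """Forensic query issued at `querier`: follow provenance back to base facts.

    Returns the sorted base facts (links) the tuple depends on and the number
    of tuples that had to be fetched from nodes other than the querier.
    """
    sources, remote, seen, stack = [], 0, set(), [tup]
    while stack:
        t = stack.pop()
        if t in seen:
            continue
        seen.add(t)
        if t.node != querier:
            remote += 1
        prov = tables[t.node][t]
        if prov is None:                    # base fact: end of the derivation
            sources.append(t)
        else:
            stack.extend(prov.parents)
    return sorted(sources), remote


if __name__ == "__main__":
    # Constructed topology: a directed chain a -> b -> c -> d -> e.
    chain = [("a", "b"), ("b", "c"), ("c", "d"), ("d", "e")]
    tables, lazy, eager = run_path_program(chain)
    srcs, remote = trace(tables, Tup("path", ("a", "e"), "a"), "a")
    print("path(a,e) derives from", [s.args for s in srcs],
          "after", remote, "remote provenance lookups")
    print("bandwidth: provenance on demand", lazy, "units vs eager", eager)
```

On the chain the on-demand variant costs a constant two units per message while the eager variant grows with the length of the derivation, so the gap widens with the diameter of the network; the price is paid at query time, when the trace has to contact every node along the path.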