Efficient data capturing for network forensics in cognitive radio networks

Network forensics is an emerging interdiscipline used to track down cyber crimes and detect network anomalies for a multitude of applications. Efficient capture of data is the basis of network forensics. Compared to traditional networks, data capture faces significant challenges in cognitive radio networks. In traditional wireless networks, usually one monitor is assigned to one channel for traffic capture. This approach will incur very high cost in cognitive radio networks because it typically has a large number of channels. Furthermore, due to the uncertainty of the primary user's behavior, cognitive radio devices change their operating channels dynamically, which makes data capturing more difficult. In this paper, we propose a systematic method to capture data in cognitive radio networks with a small number of monitors. We utilize incremental support vector regression to predict packet arrival time and intelligently switch monitors between channels. We also propose a protocol that schedules multiple monitors to perform channel scanning and packet capturing in an efficient manner. Monitors are reused in the time domain, and geographic coverage is taken into account. The real-world experiments and simulations show that our method is able to achieve the packet capture rate above 70% using a small number of monitors, which outperforms the random scheme by 200%-300%.