Background
Cyberattacks against companies, research institutions, and critical infrastructure are increasing. Modern security efforts often begin only after a successful breach, with digital forensics and incident response operating under pressure. Network analysis is essential for early detection and forensic reconstruction. However, in high-speed or virtualized environments, reliable and complete packet capture remains a challenge.
Goals
C2PANDA addresses these challenges by building a modular and scalable research infrastructure that supports speeds of up to 800 Gbps. The center focuses on:
- Lossless packet capture in dynamic, virtual, and high-speed networks
- Automated, real-time analysis and incident detection
- Open standards for forensic tools and interfaces
- Collaboration with law enforcement and industry
Research & Innovation
C2PANDA closes key gaps in current forensic and cybersecurity research. It develops:
- Detection methods for encrypted and encapsulated traffic
- Analysis of packet loss in virtual overlays and SDNs
- Secure coding practices for programmable networks (SeCode4P4)
- Interoperable forensic toolchains
The accompanying research project SeCode4P4, led by Prof. Dr. Holger Schmidt, focuses on secure P4 programming to improve both infrastructure security and forensic capabilities.
Consortium
Led by Prof. Dr. Daniel Spiekermann, C2PANDA unites academic excellence and practical expertise. Core partners include:
- G DATA Advanced Analytics
- Neox Networks
- Cybersense GmbH
- LKA Niedersachsen
Outlook
C2PANDA provides a sustainable research platform and acts as a driver for standardization and innovation in network forensics. It supports real-world testing, scalable simulation, training for security professionals, and direct knowledge transfer to industry and government sectors.
Funding
The C2PANDA project is supported by public funding under grant number EFRE-20200164.