A Graph Based Approach Toward Network Forensics Analysis

Cited by: 32
Authors
Wang, Wei [1 ]
Daniels, Thomas E. [1 ]
Affiliation
[1] Iowa State Univ, Dept Elect & Comp Engn, Ames, IA 50011 USA
Keywords
Security; network forensics; evidence graph; hierarchical reasoning
DOI
10.1145/1410234.1410238
Chinese Library Classification (CLC)
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
In this article we develop a novel graph-based approach toward network forensics analysis. Central to our approach is the evidence graph model that facilitates evidence presentation and automated reasoning. Based on the evidence graph, we propose a hierarchical reasoning framework that consists of two levels. Local reasoning aims to infer the functional states of network entities from local observations. Global reasoning aims to identify important entities from the graph structure and extract groups of densely correlated participants in the attack scenario. This article also presents a framework for interactive hypothesis testing, which helps to identify the attacker's nonexplicit attack activities from secondary evidence. We developed a prototype system that implements the techniques discussed. Experimental results on various attack datasets demonstrate that our analysis mechanism achieves good coverage and accuracy in attack group and scenario extraction with less dependence on hard-coded expert knowledge.
Pages: 33
Related papers
50 in total
  • [11] An approach based on mixed hierarchical clustering and optimization for graph analysis in social media network: toward globally hierarchical community structure
    Toujani, Radhia
    Akaichi, Jalel
    KNOWLEDGE AND INFORMATION SYSTEMS, 2019, 60 (02) : 907 - 947
  • [12] A Knowledge Graph Question Answering Approach to IoT Forensics
    Zhang, Ruipeng
    Xie, Mengjun
    PROCEEDINGS 8TH ACM/IEEE CONFERENCE ON INTERNET OF THINGS DESIGN AND IMPLEMENTATION, IOTDI 2023, 2023, : 446 - 447
  • [13] An Approach to Detect Network Attacks Applied for Network Forensics
    Nguyen, Khoa
    Tran, Dat
    Ma, Wanli
    Sharma, Dharmendra
    2014 11TH INTERNATIONAL CONFERENCE ON FUZZY SYSTEMS AND KNOWLEDGE DISCOVERY (FSKD), 2014, : 655 - 660
  • [14] A method of network forensics analysis based on frequent sequence mining
    Zhong Xiu-yu
    INTELLIGENT STRUCTURE AND VIBRATION CONTROL, PTS 1 AND 2, 2011, 50-51 : 578 - 582
  • [15] Poster: A Logic Based Network Forensics Model for Evidence Analysis
    Singhal, Anoop
    Liu, Changwei
    Wijesekera, Duminda
    CCS'15: PROCEEDINGS OF THE 22ND ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2015, : 1677 - 1677
  • [16] A Component-Centric Access Graph Based Approach to Network Attack Analysis
    Xiao, Xiaochun
    Zhang, Tiange
    Wang, Huan
    Zhang, Gendu
    2008 INTERNATIONAL SEMINAR ON FUTURE INFORMATION TECHNOLOGY AND MANAGEMENT ENGINEERING, PROCEEDINGS, 2008, : 171 - 176
  • [17] A Graph Database Supported GA-Based Approach to Social Network Analysis
    Ariadi, Arnold
    Shi, Tao
    Ma, Hui
    da Silva, Alexandre Sawczuk
    Hartmann, Sven
    2021 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (IEEE SSCI 2021), 2021,
  • [18] Network Reconnaissance Investigation: A Memory Forensics Approach
    Al-Saleh, Mohammed I.
    Al-Sharif, Ziad A.
    Alawneh, Luay
    2019 10TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION SYSTEMS (ICICS), 2019, : 36 - 40
  • [19] A Visualization Scheme for Network Forensics Based on Attribute Oriented Induction Based Frequent Item Mining and Hyper Graph
    Jiang, Jianguo
    Chen, Jiuming
    Choo, Kim-Kwang Raymond
    Liu, Chao
    Liu, Kunying
    Yu, Min
    DIGITAL FORENSICS AND CYBER CRIME, ICDF2C 2017, 2018, 216 : 130 - 143
  • [20] A Graded Approach to Network Forensics with Privacy Concerns
    Brockelsby, William
    Dutta, Rudra
    2019 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), 2019, : 292 - 297