A Graph Based Approach Toward Network Forensics Analysis

Wang, Wei; Daniels, Tom

doi:10.1145/1410234.1410238

Cited by 76 publications

(73 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The formalized definition can be found in (Wang, and Thomas, 2008;Liu, Singhal, and Wijesekera, 2013). The following is the one defined in Liu, Singhal and Wijesekera.…”

Section: (Probabilistic) Evidence Graphmentioning

confidence: 99%

“…p(e)=c(e) × w(e) × r(e) × h(e), where "w", "r" and "h" are weight, relevancy and the importance of an evidence edge "e" (Wang, W., and Thomas, E.D., 2008). "c" is the category of evidence, including primary evidence, secondary evidence and hypothesis testing based on expert knowledge.…”

Section: (Probabilistic) Evidence Graphmentioning

confidence: 99%

“…also demonstrated how to use this Bayesian probability assignment model by applying the model to a digital forensics legal case from Hong Kong Police Department, in which the defendant used his computer to distribute a pirated movie on the Internet by using BitTorrent (Magistrates' Court at Tuen Mun). Wang and Thomas (2008) use fuzzy-logic based correlation to find the causality relationship between different evidence, which constructs the attack scenario in a graph form. Fuzzy logic does not learn membership rules during or after problem solving.…”

Section: Related Workmentioning

confidence: 99%

“…In order to use IDS alerts as evidence, many have proposed aggregating redundant alerts and correlating them to determine multi-step, multi-stage attacks (Dain and Cunningham, 2001;Debar and Wespi, 2001;Wang and Thomas, 2008). While such aggregation can help in reconstructing a multi-stage, multi-step attack scenario, to the best of our knowledge, none of this work has been integrated with legal acceptability standards of evidence.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction

Liu¹,

Singhal²,

Wijesekera³

2014

JDFSL

View full text Add to dashboard Cite

Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-forensic tools to make it difficult to find incriminating evidence and reconstruct attack scenarios that can stand up to the expected level of evidence admissibility in a court of law. As a solution, we propose to integrate the legal aspects of evidence correlation into a Prolog based reasoner to address the admissibility requirements by creating most probable attack scenarios that satisfy admissibility standards for substantiating evidence. Using a prototype implementation, we show how evidence extracted by using forensic tools can be integrated with legal reasoning to reconstruct network attack scenarios. Our experiment shows this implemented reasoner can provide pre-estimate of admissibility on a digital crime towards an attacked network.

show abstract

“…The formalized definition can be found in (Wang, and Thomas, 2008;Liu, Singhal, and Wijesekera, 2013). The following is the one defined in Liu, Singhal and Wijesekera.…”

Section: (Probabilistic) Evidence Graphmentioning

confidence: 99%

Section: (Probabilistic) Evidence Graphmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction

Liu¹,

Singhal²,

Wijesekera³

2014

JDFSL

View full text Add to dashboard Cite

show abstract

“…Numerous tutorials are available on internet which provide handful of information about hacking and data theft (Kotenko & Stepashkin, 2006). Another area is the incorporation of anti-forensics such as data hiding, hiding IP, network steganography, data destruction, obfuscation and log cleaning into attacks to hinder the investigation (W. Wang & Daniels, 2008). One of the key drawbacks of network forensics is that they fail to prove the adequacy and integrity of gathered evidence (W. Wang & Daniels, 2008).…”

Section: Background and Motivationmentioning

confidence: 99%

Attack Graph Analysis for Network Anti-Forensics

Chandran

Yan

2014

International Journal of Digital Crime and Forensics

View full text Add to dashboard Cite

The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

show abstract

Network Forensic Frameworks

Joshi

Pilli

2016

Computer Communications and Networks

View full text Add to dashboard Cite

A Graph Based Approach Toward Network Forensics Analysis

Cited by 76 publications

References 11 publications

Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction

Relating Admissibility Standards for Digital Evidence to Attack Scenario Reconstruction

Attack Graph Analysis for Network Anti-Forensics

Network Forensic Frameworks

Contact Info

Product

Resources

About