Dynamical Network Forensics Based on Immune Agent

“…One of the main problems with these approaches is not good at detecting and reconstructing the hidden/multi-steps attacks. Recently artificial intelligence technologies, such as artificial neural network (ANN) [20], support vector machine (SVM) [22], artificial immune system (AIS) [2], etc., are developed to extract significant features for computer forensics to automate and simplify the process. These techniques are effective in reducing the computingtime and increasing the intrusion detection accuracy to a certain extent, but they are limited in forensic analysis.…”

“…Wang [6] summarizes two major technical challenges in this field: (1) Forensic analysts are overwhelmed by huge volumes of low-quality evidence. (2) Cyber attacks are becoming increasingly sophisticated. There are many variations of multi-stage attacks.…”

“…Only after a criminal event happens, can such tools make a corresponding response through a long time and with human interventions. Furthermore such tools usually cannot find the crucial evidence for network forensics in the network environment [2].…”

“…Much progress is being made to protect internet and intranet, such as the firewall and intrusion detection system, but capacity of these solutions is limited, these defensive mechanisms are not sufficient to eliminate cyber attack threats. Recently, other types of computer protection approaches called as network forensics become more important [1,2].…”

Network forensics based on fuzzy logic and expert system

“…One of the main problems with these approaches is not good at detecting and reconstructing the hidden/multi-steps attacks. Recently artificial intelligence technologies, such as artificial neural network (ANN) [20], support vector machine (SVM) [22], artificial immune system (AIS) [2], etc., are developed to extract significant features for computer forensics to automate and simplify the process. These techniques are effective in reducing the computingtime and increasing the intrusion detection accuracy to a certain extent, but they are limited in forensic analysis.…”

“…Wang [6] summarizes two major technical challenges in this field: (1) Forensic analysts are overwhelmed by huge volumes of low-quality evidence. (2) Cyber attacks are becoming increasingly sophisticated. There are many variations of multi-stage attacks.…”

“…Only after a criminal event happens, can such tools make a corresponding response through a long time and with human interventions. Furthermore such tools usually cannot find the crucial evidence for network forensics in the network environment [2].…”

“…Much progress is being made to protect internet and intranet, such as the firewall and intrusion detection system, but capacity of these solutions is limited, these defensive mechanisms are not sufficient to eliminate cyber attack threats. Recently, other types of computer protection approaches called as network forensics become more important [1,2].…”

Network forensics based on fuzzy logic and expert system

“…Such approach would provide forensics as a service (FaaS) [ 14 ] to MCC users [ 15 ]. A number of current NFFs can help CSPs adapt to MCC networks to identify vulnerabilities and the origin of the attack [ 16 – 18 ]. However, comprehensive studies on the adaptability of current NFFs to MCC networks are rare.…”

A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing

Network Forensic Frameworks