Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Building Evidence Graphs for Network Forensics Analysis
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Hi-index | 0.00 |
The network forensic computing is faced with the question of the complex network intrusion analyses. So a new concept of cooperation forensic computing is defined. Through to extend the theory of function dependency, a new method called probability function dependency relationships is proposed. Combined it with the Bayesian network and K2 algorithm, the network forensic computing algorithm called CFA is proposed. For the complex network attack, CFA is able to synthesize the various forensic data resource to reappearance the crime scenario intuitionally and realize the network forensic analysis effectively.