A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Managing Alerts in a Multi-Intrusion Detection Environment
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Mining Alarm Clusters to Improve Alarm Handling Efficiency
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Network forensics based on fuzzy logic and expert system
Computer Communications
From digital forensic report to Bayesian networkrepresentation
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Network forensic frameworks: Survey and research challenges
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A Framework for the Forensic Analysis of User Interaction with Social Media
International Journal of Digital Crime and Forensics
A scalable network forensics mechanism for stealthy self-propagating attacks
Computer Communications
CoBAn: A context based model for data leakage prevention
Information Sciences: an International Journal
Hi-index | 0.00 |
In this article we develop a novel graph-based approach toward network forensics analysis. Central to our approach is the evidence graph model that facilitates evidence presentation and automated reasoning. Based on the evidence graph, we propose a hierarchical reasoning framework that consists of two levels. Local reasoning aims to infer the functional states of network entities from local observations. Global reasoning aims to identify important entities from the graph structure and extract groups of densely correlated participants in the attack scenario. This article also presents a framework for interactive hypothesis testing, which helps to identify the attacker's nonexplicit attack activities from secondary evidence. We developed a prototype system that implements the techniques discussed. Experimental results on various attack datasets demonstrate that our analysis mechanism achieves good coverage and accuracy in attack group and scenario extraction with less dependence on hard-coded expert knowledge.