Network forensics based on fuzzy logic and expert system

Authors:
Niandong Liao;Shengfeng Tian;Tinghua Wang
Affiliations:
School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China;School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
Venue:
Computer Communications
Year:
2009

Citing 21
Cited 4

C4.5: programs for machine learning

C4.5: programs for machine learning
On the Optimality of the Simple Bayesian Classifier under Zero-One Loss

Machine Learning - Special issue on learning with probabilistic representations
Forensix: A Robust, High-Performance Reconstruction System

ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
Data Mining: Concepts and Techniques

Data Mining: Concepts and Techniques
Improvements to Platt's SMO Algorithm for SVM Classifier Design

Neural Computation
Modeling network intrusion detection alerts for correlation

ACM Transactions on Information and System Security (TISSEC)
Dynamical Network Forensics Based on Immune Agent

ICNC '07 Proceedings of the Third International Conference on Natural Computation - Volume 03
An Integrated System of Intrusion Detection Based on Rough Set and Wavelet Neural Network

ICNC '07 Proceedings of the Third International Conference on Natural Computation - Volume 03
Processing of massive audit data streams for real-time anomaly intrusion detection

Computer Communications
DDoS attack detection method using cluster analysis

Expert Systems with Applications: An International Journal
A Graph Based Approach Toward Network Forensics Analysis

ACM Transactions on Information and System Security (TISSEC)
Design and implementation of a fuzzy expert system for performance assessment of an integrated health, safety, environment (HSE) and ergonomics system: The case of a gas refinery

Information Sciences: an International Journal
Risk evaluation in failure mode and effects analysis using fuzzy weighted geometric mean

Expert Systems with Applications: An International Journal
International distribution center selection from a foreign market perspective using a weighted fuzzy factor rating system

Expert Systems with Applications: An International Journal
Network anomaly detection based on wavelet analysis

EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Efficient deterministic method for detecting new U2R attacks

Computer Communications
McPAD: A multiple classifier system for accurate payload-based anomaly detection

Computer Networks: The International Journal of Computer and Telecommunications Networking
Integrating intrusion alert information to aid forensic explanation: An analytical intrusion detection framework for distributive IDS

Information Fusion
Optimization Models for Training Belief-Rule-Based Systems

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Analyzing multiple logs for forensic evidence

Digital Investigation: The International Journal of Digital Forensics & Incident Response
A framework for post-event timeline reconstruction using neural networks

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Machine learning in computer forensics (and the lessons learned from machine learning in computer security)

Proceedings of the 4th ACM workshop on Security and artificial intelligence
Practical real-time intrusion detection using machine learning approaches

Computer Communications
Network forensic frameworks: Survey and research challenges

Digital Investigation: The International Journal of Digital Forensics & Incident Response
A scalable network forensics mechanism for stealthy self-propagating attacks

Computer Communications

Quantified Score

Hi-index	0.24

Visualization

Abstract

Network forensics is a research area that finds the malicious users by collecting and analyzing the intrusion or infringement evidence of computer crimes such as hacking. In the past, network forensics was only used by means of investigation. However, nowadays, due to the sharp increase of network traffic, not all the information captured or recorded will be useful for analysis or evidence. The existing methods and tools for network forensics show only simple results. The administrators have difficulty in analyzing the state of the damaged system without expert knowledge. Therefore, we need an effective and automated analyzing system for network forensics. In this paper, we firstly guarantee the evidence reliability as far as possible by collecting different forensic information of detection sensors. Secondly, we propose an approach based on fuzzy logic and expert system for network forensics that can analyze computer crimes in network environment and make digital evidences automatically. At the end of the paper, the experimental comparison results between our proposed method and other popular methods are presented. Experimental results show that the system can classify most kinds of attack types (91.5% correct classification rate on average) and provide analyzable and comprehensible information for forensic experts.