Network forensics is the research area concerned with identifying malicious users by collecting and analyzing evidence of intrusions and other computer crimes such as hacking. In the past, network forensics was used only as a means of investigation. Nowadays, however, because of the sharp increase in network traffic, not all the information captured or recorded is useful for analysis or as evidence. Existing network forensics methods and tools produce only simple results, and administrators without expert knowledge have difficulty analyzing the state of a compromised system. An effective, automated analysis system for network forensics is therefore needed. In this paper, we first guarantee evidence reliability as far as possible by collecting forensic information from several different detection sensors. Second, we propose an approach to network forensics based on fuzzy logic and an expert system that can analyze computer crimes in a network environment and generate digital evidence automatically. The paper concludes with an experimental comparison between the proposed method and other popular methods. The experimental results show that the system correctly classifies most kinds of attack types (91.5% correct classification rate on average) and provides analyzable and comprehensible information for forensic experts.