Evaluation of forensic evidence is an essential step in proving the malicious intent of an attacker or adversary and the severity of the damage caused to a network. This paper shows how security metrics can be used to lend credibility to gathered network evidence, as an elaboration and extension of an embedded feature of network forensic readiness (NFR): redress, which is defined as holding intruders responsible. We propose a procedure for evidence acquisition in network forensics, and then analyse a sample of packet data to extract useful information as evidence through a formalised intuitive model based on capturing adversarial behaviour and layer analysis. We also discuss the evidential structure and the corresponding database design. We then apply the Common Vulnerability Scoring System (CVSS) metrics to show that a forensics metrics system could assess the severity of the network attacks committed, thus giving a degree of credibility to the evidence gathered. In this way, hard evidence could be objectively collected to support the resource-intensive process of investigation and litigation, leading to successful conviction while reducing the effort expended on the process.