Global crises have widened the scope of the criminal activities that intruders carry out on computer networks. However, prosecuting intruders is often ineffective because much of the electronic evidence obtained from intrusion logs is inadmissible in many courts of law. This paper therefore critically discusses the concept of admissible evidence in courts of law and how forensic experts can extract such evidence from intrusion logs. It also presents a model that applies information theory to reclassify the attributes of intrusions that are used to extract admissible evidence. Evaluation shows that the majority of the attributes of distributed denial of service (DDoS) attacks are less informative: type of service, TCP flags, TTL, packet length, destination IP address, TCP acknowledgement number and IP protocol carry little information, whereas source address, destination port and timestamp are the informative attributes for forensic investigation of the DDoS attacks studied in this paper.
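The abstract does not say which information-theoretic measure the model uses to rank attributes, so the following is an added illustration rather than the paper's own method: it assumes per-attribute Shannon entropy as the informativeness score, computes it over a constructed SYN-flood sample (sixteen packets with spoofed, all-distinct source addresses against one victim), and splits attributes at an assumed cut-off of one bit. The record fields, the sample values, the threshold and the function names are all assumptions made for this example.

```python
"""Rank packet attributes by Shannon entropy over a sample of DDoS flood records.

Assumption (not stated in the abstract): an attribute that takes many different
values across the attack traffic carries more bits of information for a forensic
investigator than one that is constant, so per-attribute Shannon entropy is used
as the informativeness measure.
"""
from collections import Counter
from math import log2

# Constructed sample (not data from the paper): 16 SYN-flood packets aimed at
# one web server. Sources are spoofed, one address per packet, so the source
# address varies, while TTL, flags, length and protocol are identical for every
# packet of the flood.
SAMPLE_RECORDS = [
    {
        "timestamp": 1700000000 + i,            # one packet per second
        "src_ip": f"203.0.113.{i + 1}",         # spoofed, all distinct
        "dst_ip": "198.51.100.10",              # single victim
        "dst_port": 80 if i % 2 == 0 else 443,  # two targeted services
        "ip_protocol": "TCP",
        "ttl": 64,
        "tcp_flags": "S",
        "packet_length": 60,
        "type_of_service": 0,
        "tcp_ack": 0,
    }
    for i in range(16)
]

# Assumed cut-off: an attribute is informative if it carries at least one bit.
INFORMATIVE_THRESHOLD_BITS = 1.0


def shannon_entropy(values):
    """H(X) = -sum p(x) log2 p(x) over the observed values of one attribute."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * log2(c / n) for c in Counter(values).values())


def attribute_entropies(records):
    """Map each attribute name to its entropy across all records."""
    names = records[0].keys()
    return {name: shannon_entropy([r[name] for r in records]) for name in names}


def rank_attributes(records):
    """Attributes sorted from most to least informative, as (name, bits) pairs."""
    ent = attribute_entropies(records)
    return sorted(ent.items(), key=lambda kv: (-kv[1], kv[0]))


def classify_attributes(records, threshold=INFORMATIVE_THRESHOLD_BITS):
    """Split attributes into (informative, less informative) by the threshold."""
    informative, less = [], []
    for name, bits in rank_attributes(records):
        (informative if bits >= threshold else less).append(name)
    return informative, less


if __name__ == "__main__":
    for name, bits in rank_attributes(SAMPLE_RECORDS):
        print(f"{name:16s} {bits:5.2f} bits")
    inf, less = classify_attributes(SAMPLE_RECORDS)
    print("informative:", inf)
    print("less informative:", less)
```

On this sample the constant fields (TTL, flags, length, protocol, destination address, type of service, acknowledgement number) score zero bits and the varying fields (source address, timestamp, destination port) score one bit or more, which is the same split the abstract reports. A real investigation would run this over the captured flood rather than a constructed sample, and a threshold should be chosen relative to log2 of the number of packets rather than fixed at one bit.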