Diffusion and graph spectral methods for network forensic analysis

Authors:
Wei Wang;Thomas E. Daniels
Affiliations:
Iowa State University, Ames, IA;Iowa State University, Ames, IA
Venue:
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Year:
2006

Citing 10
Cited 1

Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
Constructing attack scenarios through correlation of intrusion alerts

Proceedings of the 9th ACM conference on Computer and communications security
Multigrid Methods in Science and Engineering

IEEE Computational Science & Engineering
Diffusion Kernels on Graphs and Other Discrete Input Spaces

ICML '02 Proceedings of the Nineteenth International Conference on Machine Learning
Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Indexing Hierarchical Structures Using Graph Spectra

IEEE Transactions on Pattern Analysis and Machine Intelligence
Application of kernels to link analysis

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
Building Evidence Graphs for Network Forensics Analysis

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference

Interactive detection of network anomalies via coordinated multiple views

Proceedings of the Seventh International Symposium on Visualization for Cyber Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we propose the new paradigm of applying diffusion and graph spectral methods for network forensic analysis. Based on an evidence graph model built from collected evidence, graph spectral methods show potential in identifying key components and patterns of attack by extracting important graph structures. We also present the novel view that the propagation of suspicion in an attack scene could be modelled in analogy with heat diffusion in physics systems. In this paradigm, the evidence graph becomes the basis for a physical construct, which derives its properties such as conductivity and heat generation from evidence features. We argue that diffusion and graph spectral methods not only provide a mathematically well grounded approach to network forensic analysis, but also open up the opportunity for applying structured parameter refinement and high performance computation methods to forensic analysis field.