In this paper we propose the new paradigm of applying diffusion and graph spectral methods to network forensic analysis. Based on an evidence graph model built from collected evidence, graph spectral methods show potential for identifying key components and patterns of attack by extracting important graph structures. We also present the novel view that the propagation of suspicion in an attack scene can be modelled by analogy with heat diffusion in physical systems. In this paradigm, the evidence graph becomes the basis for a physical construct whose properties, such as conductivity and heat generation, are derived from evidence features. We argue that diffusion and graph spectral methods not only provide a mathematically well-grounded approach to network forensic analysis, but also open up the opportunity to apply structured parameter refinement and high-performance computation methods to the field of forensic analysis.
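The heat-diffusion analogy above can be made concrete on a small evidence graph. The following is an added illustration, not code from the paper or its authors: host names, the evidence tuples, the mapping from evidence features (alert confidence and count) to edge conductivity, and the choice of an explicit Euler integrator are all assumptions made for this example. Hosts are nodes, correlated evidence between two hosts is an edge whose weight acts as thermal conductivity, a host with direct evidence of compromise is a heat source, and the graph heat equation du/dt = -L u + s spreads suspicion from that source along well-evidenced paths.

```python
"""Suspicion propagation on an evidence graph by heat diffusion.

Added illustration of the diffusion paradigm; not the paper's own code.
Nodes are hosts, edges carry a conductivity derived from evidence
features, and hosts with direct evidence of compromise act as heat
sources. We integrate du/dt = -L u + s with explicit Euler steps, where L
is the weighted graph Laplacian, and rank hosts by accumulated heat.
"""
import math
from collections import defaultdict

# Constructed sample evidence: (host_a, host_b, alert_confidence, alert_count).
# Host names and values are placeholders made up for this example.
EVIDENCE = [
    ("web01", "app02", 0.9, 12),
    ("app02", "db03", 0.8, 5),
    ("web01", "mail04", 0.3, 1),
    ("mail04", "ws05", 0.2, 1),
    ("db03", "bkp06", 0.5, 2),
]

# Constructed direct evidence: host -> heat generation rate (e.g. IDS confidence).
SOURCES = {"web01": 1.0}


def conductivity(confidence, count):
    """Assumed mapping from evidence features to edge conductivity.

    Confidence scales the weight; the alert count enters logarithmically so
    that a flood of low-value alerts does not dominate a single strong one.
    """
    return confidence * math.log1p(count)


def build_graph(evidence):
    """Return an undirected weighted adjacency map {node: {neighbour: weight}}."""
    weights = defaultdict(dict)
    for a, b, conf, count in evidence:
        c = conductivity(conf, count)
        weights[a][b] = weights[a].get(b, 0.0) + c
        weights[b][a] = weights[b].get(a, 0.0) + c
    return dict(weights)


def diffuse(weights, sources, t=1.0, steps=200):
    """Integrate the heat equation du/dt = -L u + s on the graph for time t.

    Heat conservation: the Laplacian term moves heat between neighbours
    without creating or destroying it, so the total heat after time t equals
    t times the total source rate.
    """
    nodes = sorted(set(weights) | set(sources))
    degree = {n: sum(weights.get(n, {}).values()) for n in nodes}
    max_degree = max(degree.values()) if degree else 0.0
    dt = t / steps
    # Explicit Euler is stable only if dt * max_degree is well below 1;
    # refine the step count if the caller's choice is too coarse.
    if max_degree > 0 and dt * max_degree >= 0.5:
        steps = int(math.ceil(t * max_degree / 0.5))
        dt = t / steps
    u = {n: 0.0 for n in nodes}
    for _ in range(steps):
        new_u = {}
        for n in nodes:
            # Net flow into n from neighbours, proportional to the temperature
            # difference across each edge (Fourier's law on a graph).
            flow = sum(c * (u[m] - u[n]) for m, c in weights.get(n, {}).items())
            new_u[n] = u[n] + dt * (flow + sources.get(n, 0.0))
        u = new_u
    return u


def rank_hosts(u):
    """Hosts sorted from most to least suspicious (hottest first)."""
    return sorted(u.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    heat = diffuse(build_graph(EVIDENCE), SOURCES)
    for host, value in rank_hosts(heat):
        print(f"{host:8s} {value:.4f}")
```

The ranking reflects both distance from the source and the strength of the evidence along the way: `app02` and `db03`, reached through high-confidence, high-count alerts, heat up far more than `mail04` and `ws05`, which hang off a single low-confidence alert. Tuning `t` trades locality for reach, which is the kind of structured parameter refinement the abstract alludes to.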