CREATING INTEGRATED EVIDENCE GRAPHS FOR NETWORK FORENSICS

Cited by: 0
Authors
Liu, Changwei [1 ]
Singhal, Anoop [2 ]
Wijesekera, Duminda [1 ]
Affiliations
[1] George Mason Univ, Fairfax, VA 22030 USA
[2] Natl Inst Stand & Technol, Comp Secur Div, Gaithersburg, MD 20899 USA
Source
Keywords
Network forensics; probabilistic evidence graphs; attack graphs; ATTACK; GENERATION;
DOI
Not available
CLC classification number
TP [Automation technology, computer technology];
Subject classification number
0812;
Abstract
Probabilistic evidence graphs can be used to model network intrusion evidence and the underlying dependencies to support network forensic analysis. The graphs provide a means for linking the probabilities associated with different attack paths with the available evidence. However, existing work on evidence graphs assumes that all the available evidence can be expressed using a single, small evidence graph. This paper presents an algorithm for merging evidence graphs with or without a corresponding attack graph. Applying the algorithm to a file server and database server attack scenario yields an integrated evidence graph that shows the global scope of the attack. The global graph provides a broader context and better understandability than multiple local evidence graphs.
Pages: 227 / 241
Page count: 15