Merging Sub Evidence Graphs to an Integrated Evidence Graph for Network Forensics Analysis
Authors
Abstract
Evidence graphs model network intrusion evidence and their dependencies to help with network forensics analysis. With quantitative metrics, probabilistic evidence graphs provide a way to link probabilities associated with different attack paths with available evidence. Existing work in evidence graphs assumes that all available evidence forms a single evidence graph. We show how to merge different evidence graphs with or without the help of a corresponding attack graph. We show this by providing algorithms and a possible attack scenario towards a file server and a database server in an example network environment. An integrated evidence graph, showing all attacks using global reasoning, is more useful to forensics analysts and network administrators than multiple evidence graphs that use local reasoning.
Similar sources
An Ant Colony Optimization Algorithm for Network Vulnerability Analysis
Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...
Network Forensics Analysis with Evidence Graphs
We develop a prototype network forensics analysis tool that integrates presentation, manipulation and automated reasoning of intrusion evidence. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasonin...
Distributed Network Forensics Framework: A Systematic Review
Network forensics is a branch of digital forensics which applies to network security. It is used to relate monitoring and analysis of computer network traffic, which helps in collecting information and digital evidence for the protection of a network that can be used alongside firewalls and IDS. Firewalls and IDS can't always prevent and detect unauthorized access within a network. This pa...
Attack Graph Analysis for Network Anti-Forensics
The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves from being tracked by destroying and distorting evidence. To detect and prevent network attacks, the main modus operandi in network forensics is th...
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...