Ontology-based Intelligent Network-Forensics Investigation
Authors
Abstract
We propose, in this paper, a new ontology for network forensics analysis. The proposed ontology is the first cyber forensics ontology to integrate both network forensics domain knowledge and problem-solving knowledge. As such, it can be used as a knowledge base for developing sophisticated intelligent network forensics systems that support complex chains of reasoning. We use a real-life network intrusion scenario to show how our ontology can be integrated and used in intelligent network forensics systems.
Similar resources
Design of Network Forensic System Based on Honeynet
Network forensics deals with the capturing and analysis of the traces and logs of network intrusions from multiple systems for providing the information to characterize intrusion or features. This paper demonstrates the internal working of implementation of server honeypot technology and network forensics. Honeypot based system is used to attract the attackers so that their process methodolo...
A Multi-Agent System for Firewall Forensics Analysis
Computer Forensics applies law to fight against unlawful and illegitimate use of computers and networks. It employs investigation methods to solve computer crimes. Knowing that the firewall is the unique input and output in a network, it is considered as the ideal location for recording network activities. The firewall log files trace all incoming and outgoing events in a network. Its content c...
Cyber Forensics Ontology for Cyber Criminal Investigation
We developed Cyber Forensics Ontology for the criminal investigation in cyber space. Cyber crime is classified into cyber terror and general cyber crime, and those two classes are connected with each other. The investigation of cyber terror requires high technology, system environment and experts, and general cyber crime is connected with general crime by evidence from digital data and cyber sp...
Avoiding Cyber-attacks to DMZ and Capturing Forensics from Intruders Using Honeypots
Nowadays, honeypots are widely used to divert attackers from the original target and keep them busy within a decoy environment. The DeMilitarized Zone (DMZ) is an important zone for network administrators, because many of the services to the public network are provided at this zone. Many of the security tools such as firewalls, intrusion detection systems and several other secu...
The Use of Ontology Framework for Automation Digital Forensics Investigation
One of the main goals of a computer forensic analyst is to determine the cause and effect of the acquisition of digital evidence in order to obtain relevant information on the case being handled. In order to get fast and accurate results, this paper will discuss the approach known as Ontology Framework. This model uses a structured hierarchy of layers that create connectivity between the v...
Publication date: 2010