Towards Automatic Deduction and Event Reconstruction Using Forensic Lucid and Probabilities to Encode the IDS Evidence

Introduction. We apply the theoretical framework and formal model of the observation tuple with the credibility weight for forensic analysis of the IDS data and the corresponding event reconstruction. Forensic Lucid – a forensic case modeling and specification language is used for the task. In the ongoing theoretical and practical work, Forensic Lucid is augmented with the Dempster-Shafer theory of mathematical evidence to include the credibility factors of the evidential IDS observations. Forensic Lucid’s toolset is practically being implemented within the General Intensional Programming System (GIPSY) and the probabilistic model-checking tool PRISM as a backend to compile the Forensic Lucid model into the PRISM’s code and model-check it. This work may also help with further generalization of the testing methodology of IDSs [10].