Skip to Main content Skip to Navigation
Conference papers

Creating Integrated Evidence Graphs for Network Forensics

Abstract : Probabilistic evidence graphs can be used to model network intrusion evidence and the underlying dependencies to support network forensic analysis. The graphs provide a means for linking the probabilities associated with different attack paths with the available evidence. However, current work focused on evidence graphs assumes that all the available evidence can be expressed using a single, small evidence graph. This paper presents an algorithm for merging evidence graphs with or without a corresponding attack graph. The application of the algorithm to a file server and database server attack scenario yields an integrated evidence graph that shows the global scope of the attack. The global graph provides a broader context and better understandability than multiple local evidence graphs.
Complete list of metadatas

Cited literature [12 references]  Display  Hide  Download

https://hal.inria.fr/hal-01460608
Contributor : Hal Ifip <>
Submitted on : Tuesday, February 7, 2017 - 5:25:54 PM
Last modification on : Thursday, March 5, 2020 - 4:46:39 PM
Document(s) archivé(s) le : Monday, May 8, 2017 - 2:50:53 PM

File

978-3-642-41148-9_16_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Changwei Liu, Anoop Singhal, Duminda Wijesekera. Creating Integrated Evidence Graphs for Network Forensics. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.227-241, ⟨10.1007/978-3-642-41148-9_16⟩. ⟨hal-01460608⟩

Share

Metrics

Record views

196

Files downloads

411