Creating Integrated Evidence Graphs for Network Forensics

Abstract: Probabilistic evidence graphs can be used to model network intrusion evidence and the underlying dependencies to support network forensic analysis. The graphs provide a means for linking the probabilities associated with different attack paths with the available evidence. However, current work focused on evidence graphs assumes that all the available evidence can be expressed using a single, small evidence graph. This paper presents an algorithm for merging evidence graphs with or without a corresponding attack graph. The application of the algorithm to a file server and database server attack scenario yields an integrated evidence graph that shows the global scope of the attack. The global graph provides a broader context and better understandability than multiple local evidence graphs.
Document type:
Conference paper
Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.227-241, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_16〉
Cited literature [12 references]

https://hal.inria.fr/hal-01460608
Contributor: Hal Ifip
Submitted on: Tuesday, February 7, 2017 - 17:25:54
Last modified on: Friday, December 1, 2017 - 01:16:43
Document(s) archived on: Monday, May 8, 2017 - 14:50:53

File

978-3-642-41148-9_16_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Changwei Liu, Anoop Singhal, Duminda Wijesekera. Creating Integrated Evidence Graphs for Network Forensics. Gilbert Peterson; Sujeet Shenoi. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-410, pp.227-241, 2013, Advances in Digital Forensics IX. 〈10.1007/978-3-642-41148-9_16〉. 〈hal-01460608〉

Metrics

Record views

131

File downloads

60