Skip to Main content Skip to Navigation
New interface
Conference papers

Creating Integrated Evidence Graphs for Network Forensics

Abstract : Probabilistic evidence graphs can be used to model network intrusion evidence and the underlying dependencies to support network forensic analysis. The graphs provide a means for linking the probabilities associated with different attack paths with the available evidence. However, current work focused on evidence graphs assumes that all the available evidence can be expressed using a single, small evidence graph. This paper presents an algorithm for merging evidence graphs with or without a corresponding attack graph. The application of the algorithm to a file server and database server attack scenario yields an integrated evidence graph that shows the global scope of the attack. The global graph provides a broader context and better understandability than multiple local evidence graphs.
Document type :
Conference papers
Complete list of metadata

Cited literature [12 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, February 7, 2017 - 5:25:54 PM
Last modification on : Thursday, March 5, 2020 - 4:46:39 PM
Long-term archiving on: : Monday, May 8, 2017 - 2:50:53 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Changwei Liu, Anoop Singhal, Duminda Wijesekera. Creating Integrated Evidence Graphs for Network Forensics. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.227-241, ⟨10.1007/978-3-642-41148-9_16⟩. ⟨hal-01460608⟩



Record views


Files downloads