Skip to Main content Skip to Navigation
New interface
Conference papers

A Network Forensic Scheme Using Correntropy-Variation for Attack Detection

Abstract : Network forensic techniques help track cyber attacks by monitoring and analyzing network traffic. However, due to the large volumes of data in modern networks and sophisticated attacks that mimic normal behavior and/or erase traces to avoid detection, network attack investigations demand intelligent and efficient network forensic techniques. This chapter proposes a network forensic scheme for monitoring and investigating network-based attacks. The scheme captures and stores network traffic data, selects important network traffic features using the chi-square statistic and detects anomalous events using a novel correntropy-variation technique. An evaluation of the network forensic scheme employing the UNSW-NB15 dataset demonstrates its utility and high performance compared with three state-of-the-art approaches.
Document type :
Conference papers
Complete list of metadata

Cited literature [27 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, January 22, 2019 - 9:44:43 AM
Last modification on : Thursday, February 7, 2019 - 3:40:57 PM
Long-term archiving on: : Tuesday, April 23, 2019 - 1:21:03 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Nour Moustafa, Jill Slay. A Network Forensic Scheme Using Correntropy-Variation for Attack Detection. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.225-239, ⟨10.1007/978-3-319-99277-8_13⟩. ⟨hal-01988843⟩



Record views


Files downloads