
A Network Forensic Scheme Using Correntropy-Variation for Attack Detection

Abstract: Network forensic techniques help track cyber attacks by monitoring and analyzing network traffic. However, due to the large volumes of data in modern networks and sophisticated attacks that mimic normal behavior and/or erase traces to avoid detection, network attack investigations demand intelligent and efficient network forensic techniques. This chapter proposes a network forensic scheme for monitoring and investigating network-based attacks. The scheme captures and stores network traffic data, selects important network traffic features using the chi-square statistic and detects anomalous events using a novel correntropy-variation technique. An evaluation of the network forensic scheme employing the UNSW-NB15 dataset demonstrates its utility and high performance compared with three state-of-the-art approaches.
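The abstract names two analytic stages, chi-square feature selection and correntropy-based anomaly detection, without the detail needed to reproduce them. The Python below is an added illustration of those two ingredients and is not the authors' implementation: it ranks flow features by the chi-square statistic of their binned values against the attack label, builds a profile of normal traffic over the selected features, and scores each record by its Gaussian-kernel correntropy against that profile, flagging records whose correntropy falls more than K_SIGMA standard deviations below the normal-window mean. The Gaussian-kernel definition of correntropy, the bandwidth SIGMA, the one-sided threshold K_SIGMA, the fixed-width binning and the records themselves (constructed, with field names only loosely modelled on UNSW-NB15) are all assumptions of this example; the paper's own correntropy-variation formulation and its UNSW-NB15 evaluation are in the PDF linked on this page.

```python
"""Chi-square feature selection plus a correntropy anomaly score over flow
records. Added illustration, not the authors' code: kernel, bandwidth,
threshold, binning and the records are assumptions of this example."""
import math
import statistics
from typing import Dict, List, Sequence, Tuple

Record = Dict[str, float]
Labelled = Tuple[Record, int]

# Constructed flow records (label 1 = attack); names loosely follow
# UNSW-NB15 fields but every value is made up for this example.
RECORDS: List[Labelled] = [
    ({"sbytes": 520, "sttl": 31, "dur": 0.12, "noise": 3}, 0),
    ({"sbytes": 610, "sttl": 62, "dur": 0.40, "noise": 7}, 0),
    ({"sbytes": 480, "sttl": 31, "dur": 0.22, "noise": 5}, 0),
    ({"sbytes": 700, "sttl": 62, "dur": 0.35, "noise": 2}, 0),
    ({"sbytes": 550, "sttl": 31, "dur": 0.18, "noise": 8}, 0),
    ({"sbytes": 640, "sttl": 62, "dur": 0.50, "noise": 4}, 0),
    ({"sbytes": 500, "sttl": 31, "dur": 0.28, "noise": 6}, 0),
    ({"sbytes": 660, "sttl": 62, "dur": 0.45, "noise": 1}, 0),
    ({"sbytes": 52000, "sttl": 254, "dur": 0.05, "noise": 5}, 1),
    ({"sbytes": 58000, "sttl": 254, "dur": 0.01, "noise": 2}, 1),
    ({"sbytes": 49000, "sttl": 254, "dur": 0.30, "noise": 7}, 1),
    ({"sbytes": 60000, "sttl": 254, "dur": 0.02, "noise": 4}, 1),
]
FEATURES = ["sbytes", "sttl", "dur", "noise"]
N_BINS = 3      # fixed-width bins for the chi-square test (assumption)
SIGMA = 1.0     # kernel bandwidth on standardised features (assumption)
K_SIGMA = 3.0   # flag when correntropy drops this many std devs (assumption)


def _bin(value: float, lo: float, hi: float, n_bins: int) -> int:
    """Fixed-width bin index of value within [lo, hi]."""
    if hi == lo:
        return 0
    return min(int((value - lo) / (hi - lo) * n_bins), n_bins - 1)


def chi_square(records: Sequence[Labelled], feature: str, n_bins: int = N_BINS) -> float:
    """Chi-square statistic of the binned feature against the binary label."""
    values = [r[feature] for r, _ in records]
    lo, hi = min(values), max(values)
    table = [[0, 0] for _ in range(n_bins)]  # rows: bins, cols: label 0/1
    for r, label in records:
        table[_bin(r[feature], lo, hi, n_bins)][label] += 1
    n = len(records)
    col_tot = [sum(row[c] for row in table) for c in (0, 1)]
    stat = 0.0
    for row in table:
        row_tot = sum(row)
        for c in (0, 1):
            expected = row_tot * col_tot[c] / n
            if expected > 0:  # an empty bin or label column contributes nothing
                stat += (row[c] - expected) ** 2 / expected
    return stat


def select_features(records: Sequence[Labelled], k: int, features=FEATURES) -> List[str]:
    """Top-k features ranked by chi-square score."""
    scores = {f: chi_square(records, f) for f in features}
    return sorted(features, key=scores.__getitem__, reverse=True)[:k]


def gaussian_kernel(e: float, sigma: float = SIGMA) -> float:
    return math.exp(-(e * e) / (2.0 * sigma * sigma)) / (sigma * math.sqrt(2.0 * math.pi))


def correntropy(x: Sequence[float], y: Sequence[float], sigma: float = SIGMA) -> float:
    """Sample correntropy V(x, y) = (1/d) * sum_j G_sigma(x_j - y_j)."""
    return sum(gaussian_kernel(a - b, sigma) for a, b in zip(x, y)) / len(x)


class CorrentropyDetector:
    """Normal-traffic profile over the selected features, and a score for how
    far a record's correntropy with that profile has dropped (assumed scheme)."""

    def __init__(self, features, normal_records, sigma=SIGMA, k_sigma=K_SIGMA):
        self.features, self.sigma, self.k_sigma = list(features), sigma, k_sigma
        self.mu = {f: statistics.fmean(r[f] for r in normal_records) for f in self.features}
        # a constant feature has pstdev 0; fall back to 1 so z-scores stay finite
        self.sd = {f: statistics.pstdev([r[f] for r in normal_records]) or 1.0 for f in self.features}
        normal_v = [self.correntropy(r) for r in normal_records]
        self.v_mean = statistics.fmean(normal_v)
        self.v_sd = statistics.pstdev(normal_v) or 1e-9

    def _z(self, r: Record) -> List[float]:
        return [(r[f] - self.mu[f]) / self.sd[f] for f in self.features]

    def correntropy(self, r: Record) -> float:
        """Correntropy between the standardised record and the profile centroid (zeros)."""
        z = self._z(r)
        return correntropy(z, [0.0] * len(z), self.sigma)

    def score(self, r: Record) -> float:
        """Std devs below the normal-window mean correntropy; higher is more anomalous."""
        return (self.v_mean - self.correntropy(r)) / self.v_sd

    def is_anomalous(self, r: Record) -> bool:
        return self.score(r) > self.k_sigma


def investigate(records: Sequence[Labelled] = RECORDS, k: int = 2):
    """Select features on the labelled window, profile its normal records and
    return (selected features, indices of flagged records)."""
    selected = select_features(records, k)
    normal = [r for r, label in records if label == 0]
    detector = CorrentropyDetector(selected, normal)
    return selected, [i for i, (r, _) in enumerate(records) if detector.is_anomalous(r)]


if __name__ == "__main__":
    print(investigate())
```

On the constructed records, sbytes and sttl are the two top-ranked features (each separates the classes perfectly, so its chi-square equals the sample size), and the four attack records are the only ones flagged. In a real investigation the normal profile should be built from traffic captured before the window under examination, and the kernel bandwidth should be chosen from the spread of the standardised features rather than fixed at 1.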
Document type: Conference papers

Cited literature: 27 references

https://hal.inria.fr/hal-01988843
Contributor: Hal Ifip
Submitted on: Tuesday, January 22, 2019 - 9:44:43 AM
Last modification on: Thursday, February 7, 2019 - 3:40:57 PM
Long-term archiving on: Tuesday, April 23, 2019 - 1:21:03 PM

File: 472401_1_En_13_Chapter.pdf (files produced by the author(s))

Licence: Distributed under a Creative Commons Attribution 4.0 International License

Citation: Nour Moustafa, Jill Slay. A Network Forensic Scheme Using Correntropy-Variation for Attack Detection. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.225-239, ⟨10.1007/978-3-319-99277-8_13⟩. ⟨hal-01988843⟩

Metrics: 88 record views, 30 file downloads