A Network Forensic Scheme Using Correntropy-Variation for Attack Detection - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2018

A Network Forensic Scheme Using Correntropy-Variation for Attack Detection

Résumé

Network forensic techniques help track cyber attacks by monitoring and analyzing network traffic. However, due to the large volumes of data in modern networks and sophisticated attacks that mimic normal behavior and/or erase traces to avoid detection, network attack investigations demand intelligent and efficient network forensic techniques. This chapter proposes a network forensic scheme for monitoring and investigating network-based attacks. The scheme captures and stores network traffic data, selects important network traffic features using the chi-square statistic and detects anomalous events using a novel correntropy-variation technique. An evaluation of the network forensic scheme employing the UNSW-NB15 dataset demonstrates its utility and high performance compared with three state-of-the-art approaches.
Fichier principal
Vignette du fichier
472401_1_En_13_Chapter.pdf (205.66 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01988843 , version 1 (22-01-2019)

Licence

Paternité

Identifiants

Citer

Nour Moustafa, Jill Slay. A Network Forensic Scheme Using Correntropy-Variation for Attack Detection. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.225-239, ⟨10.1007/978-3-319-99277-8_13⟩. ⟨hal-01988843⟩
72 Consultations
194 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More