Building Evidence Graphs for Network Forensics Analysis

Wei Wang; Thomas E. Daniels

doi:10.1109/CSAC.2005.14

A
ACSAC
2005
21st Annual Computer Security Applications Conference (ACSAC'05)
Abstract - Building Evidence Graphs for Network Forensics Analysis

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wei Wang Articles by Thomas E. Daniels

21st Annual Computer Security Applications Conference (ACSAC'05)

Building Evidence Graphs for Network Forensics Analysis

Tucson, Arizona

December 05-December 09

ISBN: 0-7695-2461-3

	ASCII Text	x
	Wei Wang, Thomas E. Daniels, "Building Evidence Graphs for Network Forensics Analysis," Computer Security Applications Conference, Annual, pp. 254-266, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.14, author = {Wei Wang and Thomas E. Daniels}, title = {Building Evidence Graphs for Network Forensics Analysis}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {254-266}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.14}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Building Evidence Graphs for Network Forensics Analysis SN - 1063-9527 SP254 EP266 A1 - Wei Wang, A1 - Thomas E. Daniels, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Wei Wang, Iowa State University

Thomas E. Daniels, Iowa State University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.14

In this paper, we present techniques for a network forensics analysis mechanism that includes effective evidence presentation, manipulation and automated reasoning. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasoning. Local reasoning aims to infer the roles of suspicious hosts from local observations. Global reasoning aims to identify group of strongly correlated hosts in the attack and derive their relationships. By using the evidence graph model, we effectively integrate analyst feedback into the automated reasoning process. Experimental results demonstrate the potential and effectiveness of our proposed approaches.

Citation:

Wei Wang, Thomas E. Daniels, "Building Evidence Graphs for Network Forensics Analysis," acsac, pp.254-266, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.