Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISBN: 0-7695-2461-3
pp: 254-266
Wei Wang, Iowa State University
Thomas E. Daniels, Iowa State University
ABSTRACT
In this paper, we present techniques for a network forensics analysis mechanism that includes effective evidence presentation, manipulation and automated reasoning. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasoning. Local reasoning aims to infer the roles of suspicious hosts from local observations. Global reasoning aims to identify groups of strongly correlated hosts in the attack and derive their relationships. By using the evidence graph model, we effectively integrate analyst feedback into the automated reasoning process. Experimental results demonstrate the potential and effectiveness of our proposed approaches.
CITATION
Wei Wang, Thomas E. Daniels, "Building Evidence Graphs for Network Forensics Analysis", Annual Computer Security Applications Conference (ACSAC), 2005, pp. 254-266, doi:10.1109/CSAC.2005.14