Abstract
Hacking and network intrusion incidents are on the increase. However, a major obstacle to identifying and apprehending malicious individuals is the lack of efficient attribution mechanisms. This paper proposes a forensic profiling system that accommodates real-time evidence collection as a network feature, addressing the difficulties involved in collecting evidence against attackers.
Copyright information
© 2006 International Federation for Information Processing
Cite this paper
Kahai, P., Srinivasan, M., Namuduri, K., Pendse, R. (2006). Forensic Profiling System. In: Pollitt, M., Shenoi, S. (eds) Advances in Digital Forensics. DigitalForensics 2005. IFIP — The International Federation for Information Processing, vol 194. Springer, Boston, MA. https://doi.org/10.1007/0-387-31163-7_13
DOI: https://doi.org/10.1007/0-387-31163-7_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-30012-2
Online ISBN: 978-0-387-31163-0
eBook Packages: Computer Science (R0)