
Network Forensic Frameworks


Part of the book series: Computer Communications and Networks ((CCN))

Abstract

This chapter discusses frameworks grouped by various criteria and their relevance to network forensics: frameworks based on distributed systems, soft computing, honeynets, attack graphs, formal methods, aggregation, and data mining. The merits and demerits of each are also elaborated.




Copyright information

© 2016 Springer-Verlag London

Cite this chapter

Joshi, R.C., Pilli, E.S. (2016). Network Forensic Frameworks. In: Fundamentals of Network Forensics. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-7299-4_3


  • DOI: https://doi.org/10.1007/978-1-4471-7299-4_3


  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-7297-0

  • Online ISBN: 978-1-4471-7299-4

  • eBook Packages: Computer Science (R0)