Abstract
This chapter discusses network forensic frameworks classified by various criteria and their relevance to network forensics. Frameworks based on distributed systems, soft computing, honeynets, attack graphs, formal methods, aggregation, and data mining are covered, and the merits and demerits of each are elaborated.
© 2016 Springer-Verlag London
Joshi, R.C., Pilli, E.S. (2016). Network Forensic Frameworks. In: Fundamentals of Network Forensics. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-7299-4_3
DOI: https://doi.org/10.1007/978-1-4471-7299-4_3
Publisher Name: Springer, London
Print ISBN: 978-1-4471-7297-0
Online ISBN: 978-1-4471-7299-4
eBook Packages: Computer Science (R0)