Abstract
Network forensics involves the capture, recording, and analysis of network events in order to discover the source of security attacks and other problem incidents. We extend our previously proposed model, which collects network data, identifies suspicious packets, examines the protocol features that were misused, and correlates attack attributes. This model is capable of handling attacks on the TCP/IP suite. The results obtained by this model are validated.
© 2010 Springer-Verlag Berlin Heidelberg
Kaushik, A.K., Pilli, E.S., Joshi, R.C. (2010). Network Forensic Analysis by Correlation of Attacks with Network Attributes. In: Das, V.V., Vijaykumar, R. (eds) Information and Communication Technologies. ICT 2010. Communications in Computer and Information Science, vol 101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15766-0_18
DOI: https://doi.org/10.1007/978-3-642-15766-0_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15765-3
Online ISBN: 978-3-642-15766-0