
SOM-Based Techniques towards Hierarchical Visualisation of Network Forensics Traffic Data

  • Chapter
Computational Intelligence for Privacy and Security

Part of the book series: Studies in Computational Intelligence (SCI, volume 394)

Abstract

The continuing growth of digital crime is driving research into better and more efficient digital investigation methods, including software tools that support investigators. This chapter presents a novel method for the analysis and visualisation of network forensics traffic data based on the growing hierarchical self-organising map (GHSOM). Self-organising maps have been shown to be effective both for analysing high-dimensional input data in data mining and for data visualisation. The hierarchical architecture of the GHSOM adapts to the input data more flexibly than a single SOM and captures the hierarchical relationships inherent in the data. To evaluate the method in the field of network forensics, traffic data has been clustered and visualised hierarchically so that an investigator can more easily find evidence of attacks or anomalous behaviour in the network. Experimental results show the utility of this approach.
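The following Python program is an added illustration by the editor, not the chapter's code, data or feature set, of the GHSOM mechanism the abstract describes: a self-organising map is trained on flow-level feature vectors, and any unit whose mean quantisation error (MQE) is still large relative to its parent's is refined by a child map, so that a coarse split of the traffic is followed by finer splits only where the traffic is heterogeneous. It is deliberately simplified: only the vertical growth controlled by tau2 is modelled, the horizontal growth of Rauber et al. (tau1) is omitted, every map is a fixed 1 x 2 grid, and units are seeded by farthest-point selection rather than at random so a run is repeatable. The flow records, the four-feature scaling, tau2 = 0.35 and the 20-epoch schedule are all assumptions made for the example.

```python
"""GHSOM-style hierarchical clustering of flow records (editor's illustration,
not the chapter's code or data). Only vertical growth is modelled: a unit whose
mean quantisation error (MQE) exceeds tau2 times its parent's is refined by a
child map. Horizontal growth (tau1) is omitted; every map is a fixed 1 x 2 grid.
"""
import math

# Constructed flows: (duration_s, bytes_out, bytes_in, packets, label).
# The label is used only to read the result; the clustering never sees it.
FLOWS = [
    # ordinary browsing: seconds long, response-heavy, dozens of packets
    (1.8, 2100, 38000, 44, "web"), (2.4, 1800, 52000, 58, "web"),
    (3.1, 2600, 71000, 80, "web"), (1.5, 1500, 26000, 33, "web"),
    (2.9, 3100, 64000, 71, "web"), (2.2, 1900, 45000, 52, "web"),
    (3.4, 2800, 82000, 90, "web"), (1.6, 1700, 31000, 38, "web"),
    (2.7, 2300, 57000, 63, "web"), (2.0, 2000, 40000, 47, "web"),
    (3.0, 2500, 69000, 76, "web"), (2.5, 2200, 49000, 55, "web"),
    # DNS lookups: tiny and quick, answer somewhat larger than the query
    (0.020, 70, 92, 2, "dns"), (0.030, 68, 101, 2, "dns"),
    (0.015, 75, 88, 2, "dns"), (0.025, 72, 110, 2, "dns"),
    (0.020, 66, 84, 2, "dns"), (0.030, 80, 118, 2, "dns"),
    # SYN probes from a port scan: one packet out, nothing back
    (0.001, 60, 0, 1, "scan"), (0.002, 60, 0, 1, "scan"),
    (0.001, 64, 0, 1, "scan"), (0.001, 60, 0, 1, "scan"),
    (0.003, 68, 0, 1, "scan"), (0.001, 60, 0, 1, "scan"),
]

def features(flow):
    """Map a flow to a vector in [0, 1]^4 (assumed scaling, not the chapter's)."""
    duration, out_b, in_b, pkts, _label = flow
    total = out_b + in_b
    return [
        min(math.log10(1 + total) / 6.0, 1.0),  # log10 total bytes, 1 MB -> 1.0
        min(math.log10(1 + pkts) / 3.0, 1.0),   # log10 packet count, 1000 -> 1.0
        min(duration, 4.0) / 4.0,               # duration, capped at 4 s
        in_b / total if total else 0.0,         # share of bytes that came back
    ]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def bmu(units, x):
    """Index of the best-matching unit (nearest weight vector) for input x."""
    return min(range(len(units)), key=lambda j: dist(units[j], x))

def train_som(vectors, n_units=2, epochs=20):
    """Batch SOM on a 1 x n_units grid; Gaussian neighbourhood shrinks 1.0 -> 0.1.
    Units are seeded by farthest-point selection so that a run is repeatable."""
    units = [list(vectors[0])]
    while len(units) < n_units:
        far = max(vectors, key=lambda v: min(dist(v, u) for u in units))
        units.append(list(far))
    for epoch in range(epochs):
        sigma = 0.1 ** (epoch / (epochs - 1))
        winners = [bmu(units, x) for x in vectors]
        for j in range(n_units):
            h = [math.exp(-((w - j) ** 2) / (2 * sigma ** 2)) for w in winners]
            units[j] = [sum(hk * x[i] for hk, x in zip(h, vectors)) / sum(h)
                        for i in range(len(vectors[0]))]
    return units

def mqe(unit, members):
    """Mean quantisation error: average distance of the mapped inputs to the unit."""
    return sum(dist(unit, x) for x in members) / len(members)

def grow(indices, vecs, parent_mqe, tau2, depth, max_depth):
    """Train one map on the selected inputs and recursively expand any unit
    whose MQE is still large relative to its parent unit."""
    units = train_som([vecs[i] for i in indices])
    layer = []
    for j, w in enumerate(units):
        members = [i for i in indices if bmu(units, vecs[i]) == j]
        if not members:
            continue  # the unit never won an input; nothing to show for it
        err = mqe(w, [vecs[i] for i in members])
        child = None
        if err > tau2 * parent_mqe and depth < max_depth and len(members) > 2:
            child = grow(members, vecs, err, tau2, depth + 1, max_depth)
        layer.append({"unit": j, "members": members, "mqe": err, "child": child})
    return layer

def build_ghsom(flows, tau2=0.35, max_depth=3):
    vecs = [features(f) for f in flows]
    centre = [sum(col) / len(vecs) for col in zip(*vecs)]
    mqe0 = mqe(centre, vecs)  # layer 0: one unit sitting at the data mean
    return grow(list(range(len(flows))), vecs, mqe0, tau2, 0, max_depth)

def labels_of(unit, flows):
    return sorted({flows[i][4] for i in unit["members"]})

def render(layer, flows, indent=0):
    for u in layer:
        tag = "  -> expanded" if u["child"] else ""
        print(f"{'  ' * indent}unit {u['unit']}: {len(u['members'])} flows, "
              f"mqe={u['mqe']:.3f}, labels={labels_of(u, flows)}{tag}")
        if u["child"]:
            render(u["child"], flows, indent + 1)

if __name__ == "__main__":
    render(build_ghsom(FLOWS), FLOWS)
```

Running it prints a two-level tree. The top map separates the long, response-heavy browsing flows from everything short; that second unit still has a high MQE relative to the layer-0 error, so it is expanded, and the child map splits the DNS lookups from the SYN probes. That is the level at which an investigator would see the scan, and it is the point of the hierarchy: the top layer gives an overview, and only the heterogeneous region is refined. tau2 and the feature scaling are the knobs; a larger tau2 stops the hierarchy earlier, a smaller one keeps refining until units are near-homogeneous.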



Author information


Corresponding author

Correspondence to E. J. Palomo.


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Palomo, E.J., Elizondo, D., Domínguez, E., Luque, R.M., Watson, T. (2012). SOM-Based Techniques towards Hierarchical Visualisation of Network Forensics Traffic Data. In: Elizondo, D., Solanas, A., Martinez-Balleste, A. (eds) Computational Intelligence for Privacy and Security. Studies in Computational Intelligence, vol 394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25237-2_6


  • DOI: https://doi.org/10.1007/978-3-642-25237-2_6


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25236-5

  • Online ISBN: 978-3-642-25237-2

  • eBook Packages: Engineering (R0)
