
Preprocessing of Log Files Using Diffusion Map for Forensic Examination

  • Conference paper
Proceedings of International Conference on Communication and Networks

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 508))


Abstract

The increase in the number of internet users may lead to cyber crimes and attacks on the network. A forensic investigator reconstructs a crime by determining the series of actions taken by the attacker. Forensic examination can be performed on an isolated hard disk, on physical memory, on log files, and so on. The information collected from logs is huge, so the dimensionality of the features must be reduced for an efficient investigation of attacks. The proposed method reads web server logs and uses a Diffusion Map to extract the relevant features. The Diffusion Map detects attacks more accurately than other dimensionality reduction methods, and its computational time grows linearly.
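As an added illustration (not code from the paper), the pipeline the abstract describes: parse web server log lines into feature vectors and project them with a diffusion map so that requests far from the bulk of traffic stand out. The sample log lines, the character-bigram features and the centroid-distance score are assumptions of this example, as is an installed numpy.

```python
import re
from collections import Counter
import numpy as np

# Constructed combined-log-format lines (sample data, not from the paper).
SAMPLE_LOG = """\
10.0.0.1 - - [01/Jan/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.2 - - [01/Jan/2017:10:00:02 +0000] "GET /about.html HTTP/1.1" 200 734
10.0.0.3 - - [01/Jan/2017:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.4 - - [01/Jan/2017:10:00:04 +0000] "GET /contact.html HTTP/1.1" 200 801
10.0.0.5 - - [01/Jan/2017:10:00:05 +0000] "GET /login.php?user=admin'%20OR%20'1'='1 HTTP/1.1" 500 0
10.0.0.6 - - [01/Jan/2017:10:00:06 +0000] "GET /about.html HTTP/1.1" 200 734
"""
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP')

def features(lines):
    """Character-bigram count vector of each request path (assumed feature set)."""
    paths = [REQ_RE.search(line).group(1) for line in lines]
    vocab = sorted({p[i:i + 2] for p in paths for i in range(len(p) - 1)})
    col = {b: j for j, b in enumerate(vocab)}
    X = np.zeros((len(paths), len(vocab)))
    for r, p in enumerate(paths):
        for b, n in Counter(p[i:i + 2] for i in range(len(p) - 1)).items():
            X[r, col[b]] = n
    return X

def diffusion_map(X, dims=2, eps=None):
    """Diffusion coordinates lambda_i * psi_i of the rows of X (Coifman-Lafon)."""
    d2 = ((X[:, None, :] - X[None, :, :]) ** 2).sum(axis=-1)  # squared distances
    eps = eps or float(np.median(d2[d2 > 0]))                   # kernel bandwidth
    K = np.exp(-d2 / eps)                                       # Gaussian kernel
    d = K.sum(axis=1)
    S = K / np.sqrt(np.outer(d, d))            # symmetric form of P = D^-1 K
    w, U = np.linalg.eigh(S)                   # real spectrum, ascending order
    sel = np.argsort(-w)[1:dims + 1]           # skip the trivial eigenvalue 1
    psi = U[:, sel] / np.sqrt(d)[:, None]      # right eigenvectors of P
    return psi * w[sel]

def anomaly_scores(lines, dims=2):
    """Distance of every log line from the centroid in diffusion space."""
    Y = diffusion_map(features(lines), dims)
    return np.linalg.norm(Y - Y.mean(axis=0), axis=1)

def most_anomalous(lines):
    """Index of the log line farthest from the bulk of the traffic."""
    return int(np.argmax(anomaly_scores(lines)))
```

On the constructed lines the injected login request (index 4) is the only one that lands far from the centroid, while the two duplicate requests receive identical scores.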



Author information

Corresponding author

Correspondence to T. Raja Sree.


Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Raja Sree, T., Mary Saira Bhanu, S. (2017). Preprocessing of Log Files Using Diffusion Map for Forensic Examination. In: Modi, N., Verma, P., Trivedi, B. (eds) Proceedings of International Conference on Communication and Networks. Advances in Intelligent Systems and Computing, vol 508. Springer, Singapore. https://doi.org/10.1007/978-981-10-2750-5_42


  • DOI: https://doi.org/10.1007/978-981-10-2750-5_42


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-2749-9

  • Online ISBN: 978-981-10-2750-5
