Abstract
The increase in the number of internet users may lead to cyber crimes and attacks on networks. A forensic investigator investigates such crimes by reconstructing the series of actions taken by an attacker. Forensic examination can be performed by isolating the hard disk, physical memory, log files, etc. The information collected from the logs is huge, so it is necessary to reduce the dimensionality of the features for efficient investigation of attacks. The proposed method reads the web server logs and uses Diffusion Map to extract the relevant features. Diffusion Map detects the attack more accurately than the other dimensionality reduction methods, and its computational time grows linearly.
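As an added illustration (not the paper's own code), the pipeline the abstract describes: character 2-gram features from constructed request-log lines, a diffusion map that reduces them to a few coordinates, and distance in diffusion space as the ranking an investigator would review first. It assumes numpy, a Gaussian kernel with a median-distance bandwidth and a centroid-distance anomaly score; the paper's exact kernel, n-gram size and scoring rule are not stated in the abstract.

```python
"""Diffusion-map preprocessing of request-log lines (added example, not the paper's code)."""
import numpy as np

# Constructed sample request lines: ordinary browsing plus one flood-style
# request carrying a random query string (the kind HTTP flood tools generate)
LOG_LINES = [
    "GET /index.html HTTP/1.1",
    "GET /about.html HTTP/1.1",
    "GET /index.html?page=2 HTTP/1.1",
    "GET /contact.html HTTP/1.1",
    "GET /news.html HTTP/1.1",
    "GET /index.html?page=3 HTTP/1.1",
    "GET /?ZXQPLMDMXKF=XKLQWWEOP&HGJ=91734 HTTP/1.1",
]

def ngram_features(lines, n=2):
    """Turn each line into a vector of character n-gram counts (the feature space)."""
    grams = sorted({ln[i:i + n] for ln in lines for i in range(len(ln) - n + 1)})
    col = {g: j for j, g in enumerate(grams)}
    X = np.zeros((len(lines), len(grams)))
    for r, ln in enumerate(lines):
        for i in range(len(ln) - n + 1):
            X[r, col[ln[i:i + n]]] += 1
    return X

def diffusion_map(X, dims=2, t=1, eps=None):
    """Gaussian kernel -> Markov matrix P = D^-1 K -> leading non-trivial eigenvectors."""
    sq = ((X[:, None, :] - X[None, :, :]) ** 2).sum(axis=-1)  # pairwise squared distances
    if eps is None:
        eps = np.median(sq[sq > 0])  # bandwidth heuristic (an assumption, not the paper's)
    K = np.exp(-sq / eps)
    d = K.sum(axis=1)
    A = K / np.sqrt(np.outer(d, d))  # symmetric form sharing P's eigenvalues
    w, v = np.linalg.eigh(A)
    order = np.argsort(w)[::-1]
    w, v = w[order], v[:, order]
    psi = v / np.sqrt(d)[:, None]  # right eigenvectors of P
    # drop the constant eigenvector (lambda = 1); scale the rest by lambda^t
    return psi[:, 1:dims + 1] * (w[1:dims + 1] ** t)

def anomaly_scores(coords):
    """Distance from the centroid in diffusion space: far points are reviewed first."""
    return np.linalg.norm(coords - coords.mean(axis=0), axis=1)

def most_anomalous(lines):
    """Index of the request line ranked most anomalous after diffusion-map reduction."""
    return int(np.argmax(anomaly_scores(diffusion_map(ngram_features(lines)))))

if __name__ == "__main__":
    print(LOG_LINES[most_anomalous(LOG_LINES)])
```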
© 2017 Springer Nature Singapore Pte Ltd.
Cite this paper
Raja Sree, T., Mary Saira Bhanu, S. (2017). Preprocessing of Log Files Using Diffusion Map for Forensic Examination. In: Modi, N., Verma, P., Trivedi, B. (eds) Proceedings of International Conference on Communication and Networks. Advances in Intelligent Systems and Computing, vol 508. Springer, Singapore. https://doi.org/10.1007/978-981-10-2750-5_42
DOI: https://doi.org/10.1007/978-981-10-2750-5_42
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-2749-9
Online ISBN: 978-981-10-2750-5