Abstract | ||
---|---|---|
Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1109/FSKD.2014.6980912 | FSKD |
Keywords | Field | DocType |
network attack evidence reconstruction,machine learning,entropy,executable content identification,data fragments,learning (artificial intelligence),network forensics,shannon entropy,computer network security,network attack identification,executable data detection,machine learning techniques,application level attack detection,digital forensics,network level attack detection,anomaly-based network attack detection,network packet header information,network forensic system,cybercrime,packet payloads | Network level,Network forensics,Computer science,Computer security,Network packet,Cybercrime,Entropy (information theory),Network attack,Executable,Payload | Conference |
Citations | PageRank | References |
1 | 0.37 | 20 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Khoa Nguyen | 1 | 159 | 13.09 |
Dat Tran | 2 | 454 | 78.64 |
Wanli Ma | 3 | 270 | 32.72 |
Dharmendra Sharma | 4 | 240 | 58.91 |