Constructing an efficient and accurate model from security events to determine an attack scenario for an enterprise network is challenging. In this paper, we discuss how to use the information obtained from security events to construct an attack scenario and build an evidence graph. To make the evidence graph accurate and complete, we use inductive and abductive reasoning in Prolog to correlate evidence by reasoning about causality, and we use an anti-forensics database and a corresponding attack graph to find the missing evidence.
Forensic readiness can support future forensics investigation or auditing on external/internal attac...
Attackers tend to use complex techniques such as combining multi-step, multi-stage attack with anti-...
The task of generating network-based evidence to support network forensic investigation is becoming ...
Part 2: INTERNET CRIME INVESTIGATIONS. International audience. Many attackers tend to use sophisticated ...
We develop a prototype network forensics analysis tool that integrates presentation, manipulation an...
As the Internet becomes larger in scale, more complex in structure and more diversified in traffic, ...
Part 3: NETWORK FORENSICS. International audience. Modern-day attackers use sophisticated multi-stage an...
Part 5: NETWORK FORENSICS. International audience. Probabilistic evidence graphs can be used to model ne...
Network forensic analysis is a process that analyzes intrusion evidence captured from networked envi...
Preface on the 5th International Workshop on Traffic Measurements for Cybersecurity (10.1109/EuroSPW...
The development of technology in computer networks has increased the percentage of cyber-attacks and...
International audience. When analyzing the security of activities in a highly distributed system, an a...
2015 Science and Information Conference, London, United Kingdom, 28-30 July 2015. The large number of ...
Organizations of all types and their computer networks are constantly under threat of attack. While ...