We develop a prototype network forensics analysis tool that integrates presentation, manipulation and automated reasoning of intrusion evidence. We propose the evidence graph as a novel graph model to facilitate the presentation and manipulation of intrusion evidence. For automated evidence analysis, we develop a hierarchical reasoning framework that includes local reasoning and global reasoning. In local reasoning, we apply Rule-based Fuzzy Cognitive Maps (RBFCM) to model the state evolution of suspicious hosts. In global reasoning, we aim to identify groups of strongly correlated hosts in the attack and derive their relationships in the attack scenario. Our analysis mechanism effectively integrates analyst feedback into the automated reas...
The 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2016), Larnac...
Attack graphs provide compact representations of the attack paths an attacker can follow to compromi...
Forensic readiness can support future forensics investigation or auditing on external/internal attac...
Network forensic analysis is a process that analyzes intrusion evidence captured from networked envi...
Part 5: NETWORK FORENSICS. Probabilistic evidence graphs can be used to model ne...
As the Internet becomes larger in scale, more complex in structure and more diversified in traffic, ...
Constructing an efficient and accurate model from security events to determine an attack scenario fo...
The development of technology in computer networks has increased the percentage of cyber-attacks and...
The task of generating network-based evidence to support network forensic investigation is becoming ...
Part 2: INTERNET CRIME INVESTIGATIONS. Many attackers tend to use sophisticated ...
Preface on the 5th International Workshop on Traffic Measurements for Cybersecurity (10.1109/EuroSPW...
Part 3: NETWORK FORENSICS. Modern-day attackers use sophisticated multi-stage an...
Network forensics investigates a network attack by tracing the source of the attack and attributing ...
When analyzing the security of activities in a highly distributed system, an a...