• DocumentCode
    1283921
  • Title
    Attack Pattern Discovery in Forensic Investigation of Network Attacks
  • Author
    Zhu, Ying
  • Author_Institution
    Fac. of Bus. & Inf. Technol., Univ. of Ontario Inst. of Technol., Oshawa, ON, Canada
  • Volume
    29
  • Issue
    7
  • fYear
    2011
  • fDate
    8/1/2011 12:00:00 AM
  • Firstpage
    1349
  • Lastpage
    1357
  • Abstract
We mine logs of network traffic data to find the contexts in which attacks occur; we call these contexts attack patterns. We propose an iterative algorithm for discovering attack patterns via a feedback mechanism: the degrees of belief assigned to attack instances in one iteration are propagated to the next to further refine the search. Our simulations verify that the algorithm discovers attack patterns accurately. Our attack pattern discovery has the additional advantage of being an unsupervised algorithm, i.e., it does not require a priori user-defined thresholds.
  • Keywords
computer forensics; computer network security; data mining; iterative methods; attack pattern discovery; forensic investigation; network attacks; network traffic data; Forensics; Heuristic algorithms; IP networks; Payloads; Probability distribution; Random variables; Security; attack patterns; network forensics; security; suspicion feedback
  • fLanguage
    English
  • Journal_Title
    Selected Areas in Communications, IEEE Journal on
  • Publisher
    ieee
  • ISSN
    0733-8716
• Type
    jour
  • DOI
    10.1109/JSAC.2011.110802
  • Filename
    5963155