• DocumentCode
    3448872
  • Title
    The network coordinative forensics technology base on data provenance
  • Author
    Huang Wen ; Wen Chun-sheng
  • Author_Institution
    Network Center, Hunan Univ. of Sci. & Eng., Yongzhou, China
  • Volume
    2
  • fYear
    2011
  • fDate
    20-22 Aug. 2011
  • Firstpage
    54
  • Lastpage
    58
  • Abstract
    At present there is no good security tool that can directly apply association analysis to a multi-step attack on a network and reconstruct the invading process to obtain the criminal evidence. So a new approach to network coordinative forensics based on data provenance was presented: set up a log server with the SYSLOG mechanism, obtain log provenance databases with Perm rewrite technology, position the multi-step attacker with where provenance, and reconfigure the attack process with why provenance. Data provenance theory and experiment results proved that the new approach is feasible and effective.
  • Keywords
    computer forensics; computer network security; data analysis; rewriting systems; Perm rewrite technology; SYSLOG mechanism; association analysis; criminal evidence; data provenance; multi-step attack; network coordinative forensics; reconfiguration attack process; Compounds; Computers; Databases; Fires; Forensics; IP networks; Security; association analysis; coordinative forensics; data provenance; multi-step attack; perm;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Technology and Artificial Intelligence Conference (ITAIC), 2011 6th IEEE Joint International
  • Conference_Location
    Chongqing
  • Print_ISBN
    978-1-4244-8622-9
  • Type
    conf
  • DOI
    10.1109/ITAIC.2011.6030276
  • Filename
    6030276