DocumentCode :
3497359
Title :
Automated Analysis of Multi-Source Logs for Network Forensics
Author :
Lin, Chen ; Zhitang, Li ; Cuixia, Gao
Author_Institution :
Sch. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan
Volume :
1
fYear :
2009
fDate :
7-8 March 2009
Firstpage :
660
Lastpage :
664
Abstract :
Nowadays, one of the reasons for the lack of legal sanctions against attackers is that the collection and analysis of forensic evidence is troublesome and time-consuming. There are many research results on event correlation, but they are not directly suitable for network forensics. The work presented in this paper is based on the idea of collecting evidence from multiple network sensors and analyzing it automatically to improve the quality of forensic evidence. This paper first discusses the issues of log evidence. The framework of IEAAS (Automated Analysis System of Intrusion Evidences) is illustrated, with an LCA (Log Collection Agent) in each network sensor and multiple modules in IEAAS. The analysis mechanism is discussed; in particular, the improved aggregation algorithm and the evidence preservation method are described. Then a series of experiments is performed to validate our method on actual attack network environments of CERNET. The experimental results show that our approach is practical and effective for dynamic forensics and augments computer crime investigators' efforts.
Keywords :
computer crime; automated analysis system of intrusion evidences; computer crime investigator efforts; forensic evidence; legal sanctions; log collection agent; multiple network sensors; multisource logs; network forensics; Algorithm design and analysis; Computer crime; Computer science; Computer science education; Digital forensics; Educational technology; Intrusion detection; Law; Legal factors; Sensor systems; aggregation; correlation; dynamic forensics; evidence preservation; multi-source;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Education Technology and Computer Science, 2009. ETCS '09. First International Workshop on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-3581-4
Type :
conf
DOI :
10.1109/ETCS.2009.153
Filename :
4958857