DocumentCode
3516615
Title
Log Analyzer for Network Forensics and Incident Reporting
Author
Nehinbe, Joshua Ojo
Author_Institution
Univ. of Essex, Colchester, UK
fYear
2010
fDate
27-29 Jan. 2010
Firstpage
356
Lastpage
361
Abstract
Network intrusion detection systems are used in network forensics and network auditing to log, as alerts, suspicious activities that potentially signify security violations on the networks. However, the efficacy of intrusion aggregation methods for succinctly processing audit logs, which are gaining wider acceptance in computer security, is flawed because the methods frequently require a high level of expertise to validate each alert and focus only on interesting events. Thus, deceptive attacks that are intentionally launched so as to appear uninteresting frequently elude detection. Consequently, aggregated alerts are not seriously considered for litigation and incident handling exercises. Therefore, this paper presents extensive investigations of these problems. We deployed Snort in intrusion detection mode to sniff offline datasets, and we clustered the alerts of each dataset using several filtering criteria. Furthermore, the results obtained have established how to detect various kinds of interesting and uninteresting attacks that frequently elude detection.
Keywords
computer forensics; computer network security; pattern clustering; Snort; alert clustering; deceptive attacks; filtering criteria; incident handling exercise; incident reporting; litigation exercise; log analyzer; network auditing; network forensics; network intrusion detection system; security violation; Analytical models; Computer networks; Computer security; Detectors; Event detection; Filtering; Forensics; Intelligent networks; Intelligent systems; Intrusion detection; Alerts; aggregation; interesting alerts; uninteresting alerts;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligent Systems, Modelling and Simulation (ISMS), 2010 International Conference on
Conference_Location
Liverpool
Print_ISBN
978-1-4244-5984-1
Type
conf
DOI
10.1109/ISMS.2010.71
Filename
5416066