DocumentCode
555836
Title
Multi-dimensional visualization for network forensic analysis
Author
Promrit, Nuttachot ; Mingkhwan, Anirach ; Simcharoen, Supaporn ; Namvong, Nati
Author_Institution
Fac. of Inf. Technol., King Mongkut's Univ. of Technol. North Bangkok, Bangkok, Thailand
fYear
2011
fDate
26-28 Sept. 2011
Firstpage
68
Lastpage
73
Abstract
This research studies the offense on a computer network with multiple dimensions of network traffic and logs using parallel coordinates to show relationships of various parameters such as user, source IP address, time, destination IP address, destination service and domain name. The aim is to test the hypothesis that this technique is able to identify patterns of attacks and the behavior of offenders. Initially the attacks were simulated by creating a text file dataset. The results of the experiment showed that (i) Attacked signatures are various depending on the situation of attack. (ii) Analyst can observe the attacks obviously in details. In addition, researchers proposed-user investigations with visualization time machine for network forensic (UIV) as a tool for analyzing the behavior on a computer network, the results also showed that (iii) it is possible to track an individual's behavior using this tool.
Keywords
IP networks; computer crime; computer forensics; computer network security; data visualisation; IP address; computer network; domain name; multidimensional visualization; network forensic analysis; network traffic; parallel coordinate; text file dataset; visualization time machine; Calendars; Computer architecture; Computer networks; Data visualization; Electronic mail; Forensics; Servers; Network forensic; Network traffic visualization; Parallel coordinates;
fLanguage
English
Publisher
ieee
Conference_Titel
Networked Computing (INC), 2011 The 7th International Conference on
Conference_Location
Gyeongsangbuk-do
Print_ISBN
978-1-4577-1129-9
Electronic_ISBN
978-89-88678-43-5
Type
conf
Filename
6058947