Title :
Multi-dimensional visualization for network forensic analysis
Author :
Promrit, Nuttachot ; Mingkhwan, Anirach ; Simcharoen, Supaporn ; Namvong, Nati
Author_Institution :
Fac. of Inf. Technol., King Mongkut's Univ. of Technol. North Bangkok, Bangkok, Thailand
Abstract :
This research studies offenses on a computer network across multiple dimensions of network traffic and logs, using parallel coordinates to show relationships among various parameters such as user, source IP address, time, destination IP address, destination service and domain name. The aim is to test the hypothesis that this technique is able to identify patterns of attacks and the behavior of offenders. Initially the attacks were simulated by creating a text file dataset. The results of the experiment showed that (i) attack signatures vary depending on the situation of the attack, and (ii) an analyst can observe the attacks clearly and in detail. In addition, the researchers proposed user investigations with visualization time machine for network forensic (UIV) as a tool for analyzing behavior on a computer network; the results also showed that (iii) it is possible to track an individual's behavior using this tool.
Keywords :
IP networks; computer crime; computer forensics; computer network security; data visualisation; IP address; computer network; domain name; multidimensional visualization; network forensic analysis; network traffic; parallel coordinate; text file dataset; visualization time machine; Calendars; Computer architecture; Computer networks; Data visualization; Electronic mail; Forensics; Servers; Network forensic; Network traffic visualization; Parallel coordinates;
Conference_Title :
Networked Computing (INC), 2011 The 7th International Conference on
Conference_Location :
Gyeongsangbuk-do
Print_ISBN :
978-1-4577-1129-9
Electronic_ISBN :
978-89-88678-43-5