A new approach to executable file fragment detection in network forensics

Research output: A Conference proceeding or a Chapter in Book; Conference contribution


Abstract

Network forensics, known as an extended phase of network security, plays an essential role in dealing with cybercrime. The performance of a network forensics system depends heavily on the network attack detection solutions. The two main types of network attacks are network-level and application-level. Current research methods have improved the detection rate, but this is still a challenge. In this study, we propose a Shannon entropy approach to identify executable file content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides a high detection rate.
Original language: English
Title of host publication: International Conference on Network and System Security (NSS 2014)
Editors: Man Ho Au, Barbara Carminati, C.-C Jay Kuo
Place of Publication: Germany
Publisher: Springer
Pages: 510-517
Number of pages: 8
Volume: 8792
ISBN (Electronic): 9783319116983
ISBN (Print): 9783319116976
Publication status: Published - 2014
Event: 8th International Conference, Network and System Security 2014 - Xian, Xian, China
Duration: 15 Oct 2014 to 17 Oct 2014

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 8792
ISSN (Print): 0302-9743

Conference

Conference: 8th International Conference, Network and System Security 2014
Country: China
City: Xian
Period: 15/10/14 to 17/10/14


Cite this

TRAN, D., MA, W., & SHARMA, D. (2014). A new approach to executable file fragment detection in network forensics. In M. H. Au, B. Carminati, & C. -C. J. Kuo (Eds.), International Conference on Network and System Security (NSS 2014) (Vol. 8792, pp. 510-517). (Lecture Notes in Computer Science; Vol. 8792). Germany: Springer. https://doi.org/10.1007/978-3-319-11698-3_40