A new approach to executable file fragment detection in network forensics

Research output: A Conference proceeding or a Chapter in Book - Conference contribution

Abstract

Network forensics, known as an extended phase of network security, plays an essential role in dealing with cybercrime. The performance of a network forensics system heavily depends on the network attack detection solutions. Two main types of network attacks are network level and application level. Current research methods have improved the detection rate, but this is still a challenge. We propose a Shannon entropy approach to this study to identify executable file content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides a high detection rate.
Original language: English
Title of host publication: International Conference on Network and System Security (NSS 2014)
Editors: Man Ho Au, Barbara Carminati, C.-C Jay Kuo
Place of Publication: Germany
Publisher: Springer
Pages: 510-517
Number of pages: 8
Volume: 8792
ISBN (Electronic): 9783319116983
ISBN (Print): 9783319116976
DOIs: https://doi.org/10.1007/978-3-319-11698-3_40
Publication status: Published - 2014
Event: 8th International Conference, Network and System Security 2014 - Xian, Xian, China
Duration: 15 Oct 2014 to 17 Oct 2014

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 8792
ISSN (Print): 0302-9743

Conference

Conference: 8th International Conference, Network and System Security 2014
Country: China
City: Xian
Period: 15/10/14 to 17/10/14

Fingerprint

Network security
Entropy
Digital forensics

Cite this

TRAN, D., MA, W., & SHARMA, D. (2014). A new approach to executable file fragment detection in network forensics. In M. H. Au, B. Carminati, & C. -C. J. Kuo (Eds.), International Conference on Network and System Security (NSS 2014) (Vol. 8792, pp. 510-517). (Lecture Notes in Computer Science; Vol. 8792). Germany: Springer. https://doi.org/10.1007/978-3-319-11698-3_40
TRAN, Dat ; MA, Wanli ; SHARMA, Dharmendra. / A new approach to executable file fragment detection in network forensics. International Conference on Network and System Security (NSS 2014). editor / Man Ho Au ; Barbara Carminati ; C.-C Jay Kuo. Vol. 8792 Germany : Springer, 2014. pp. 510-517 (Lecture Notes in Computer Science).
@inproceedings{3e3bb13121c04a898d86dd4d565af92e,
title = "A new approach to executable file fragment detection in network forensics",
abstract = "Network forensics known as an extended phase of network security plays an essential role in dealing with cybercrime. The performance of a network forensics system heavily depends on the network attack detection solutions. Two main types of network attacks are network level and application level. Current research methods have improved the detection rate but this is still a challenge. We propose a Shannon entropy approach to this study to identify executable file content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides high detection rate",
keywords = "Executable data detection, Machine learning, Network forensics, File fragment detection",
author = "Dat TRAN and Wanli MA and Dharmendra SHARMA",
year = "2014",
doi = "10.1007/978-3-319-11698-3_40",
language = "English",
isbn = "9783319116976",
volume = "8792",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "510--517",
editor = "Au, {Man Ho} and Barbara Carminati and Kuo, {C.-C Jay}",
booktitle = "International Conference on Network and System Security (NSS 2014)",
address = "Netherlands",

}

TRAN, D, MA, W & SHARMA, D 2014, A new approach to executable file fragment detection in network forensics. in MH Au, B Carminati & C-CJ Kuo (eds), International Conference on Network and System Security (NSS 2014). vol. 8792, Lecture Notes in Computer Science, vol. 8792, Springer, Germany, pp. 510-517, 8th International Conference, Network and System Security 2014, Xian, China, 15/10/14. https://doi.org/10.1007/978-3-319-11698-3_40

A new approach to executable file fragment detection in network forensics. / TRAN, Dat; MA, Wanli; SHARMA, Dharmendra.

International Conference on Network and System Security (NSS 2014). ed. / Man Ho Au; Barbara Carminati; C.-C Jay Kuo. Vol. 8792 Germany : Springer, 2014. p. 510-517 (Lecture Notes in Computer Science; Vol. 8792).

TY - GEN
T1 - A new approach to executable file fragment detection in network forensics
AU - TRAN, Dat
AU - MA, Wanli
AU - SHARMA, Dharmendra
PY - 2014
Y1 - 2014
N2 - Network forensics known as an extended phase of network security plays an essential role in dealing with cybercrime. The performance of a network forensics system heavily depends on the network attack detection solutions. Two main types of network attacks are network level and application level. Current research methods have improved the detection rate but this is still a challenge. We propose a Shannon entropy approach to this study to identify executable file content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides high detection rate
AB - Network forensics known as an extended phase of network security plays an essential role in dealing with cybercrime. The performance of a network forensics system heavily depends on the network attack detection solutions. Two main types of network attacks are network level and application level. Current research methods have improved the detection rate but this is still a challenge. We propose a Shannon entropy approach to this study to identify executable file content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides high detection rate
KW - Executable data detection
KW - Machine learning
KW - Network forensics
KW - File fragment detection
UR - http://www.scopus.com/inward/record.url?scp=84908679368&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-11698-3_40
DO - 10.1007/978-3-319-11698-3_40
M3 - Conference contribution
SN - 9783319116976
VL - 8792
T3 - Lecture Notes in Computer Science
SP - 510
EP - 517
BT - International Conference on Network and System Security (NSS 2014)
A2 - Au, Man Ho
A2 - Carminati, Barbara
A2 - Kuo, C.-C Jay
PB - Springer
CY - Germany
ER -

TRAN D, MA W, SHARMA D. A new approach to executable file fragment detection in network forensics. In Au MH, Carminati B, Kuo C-CJ, editors, International Conference on Network and System Security (NSS 2014). Vol. 8792. Germany: Springer. 2014. p. 510-517. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-319-11698-3_40