An approach to detect network attacks applied for network forensics

    Research output: A Conference proceeding or a Chapter in Book - Conference contribution

    3 Citations (Scopus)

    Abstract

    Network forensics addresses cybercrime. The main purpose of a network forensics system is to reconstruct evidence of network attacks. In order to reconstruct evidence, the network attack must first be identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets, whereas application level attack detection solutions investigate the data fragments carried in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides a very high detection rate.

    Original language: English
    Title of host publication: 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery
    Editors: Shuihua Han, Tao Li
    Place of Publication: USA
    Publisher: IEEE, Institute of Electrical and Electronics Engineers
    Pages: 655-660
    Number of pages: 6
    ISBN (Print): 9781479951482
    DOI: 10.1109/fskd.2014.6980912
    Publication status: Published - 2014
    Event: 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery - Xiamen, China
    Duration: 19 Aug 2014 - 21 Aug 2014

    Conference

    Conference: 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery
    Country: China
    City: Xiamen
    Period: 19/08/14 - 21/08/14

    Fingerprint

    Packet networks
    Learning systems
    Entropy
    Digital forensics

    Cite this

    TRAN, D., MA, W., & SHARMA, D. (2014). An approach to detect network attacks applied for network forensics. In S. Han, & T. Li (Eds.), 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (pp. 655-660). USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/fskd.2014.6980912
    TRAN, Dat ; MA, Wanli ; SHARMA, Dharmendra. / An approach to detect network attacks applied for network forensics. 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery. editor / Shuihua Han ; Tao Li. USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. pp. 655-660
    @inproceedings{a2ce0aa24d78413cb24813586ba56fe4,
    title = "An approach to detect network attacks applied for network forensics",
    abstract = "Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.",
    keywords = "Entropy, Executable data detection, Machine learning, Network forensics",
    author = "Dat TRAN and Wanli MA and Dharmendra SHARMA",
    year = "2014",
    doi = "10.1109/fskd.2014.6980912",
    language = "English",
    isbn = "9781479951482",
    pages = "655--660",
    editor = "Shuihua Han and Tao Li",
    booktitle = "2014 11th International Conference on Fuzzy Systems and Knowledge Discovery",
    publisher = "IEEE, Institute of Electrical and Electronics Engineers",
    address = "United States",

    }

    TRAN, D, MA, W & SHARMA, D 2014, An approach to detect network attacks applied for network forensics. in S Han & T Li (eds), 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery. IEEE, Institute of Electrical and Electronics Engineers, USA, pp. 655-660, 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, Xiamen, China, 19/08/14. https://doi.org/10.1109/fskd.2014.6980912

    An approach to detect network attacks applied for network forensics. / TRAN, Dat; MA, Wanli; SHARMA, Dharmendra.

    2014 11th International Conference on Fuzzy Systems and Knowledge Discovery. ed. / Shuihua Han; Tao Li. USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. p. 655-660.


    TY - GEN

    T1 - An approach to detect network attacks applied for network forensics

    AU - TRAN, Dat

    AU - MA, Wanli

    AU - SHARMA, Dharmendra

    PY - 2014

    Y1 - 2014

    N2 - Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.

    AB - Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.

    KW - Entropy

    KW - Executable data detection

    KW - Machine learning

    KW - Network forensics

    U2 - 10.1109/fskd.2014.6980912

    DO - 10.1109/fskd.2014.6980912

    M3 - Conference contribution

    SN - 9781479951482

    SP - 655

    EP - 660

    BT - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery

    A2 - Han, Shuihua

    A2 - Li, Tao

    PB - IEEE, Institute of Electrical and Electronics Engineers

    CY - USA

    ER -

    TRAN D, MA W, SHARMA D. An approach to detect network attacks applied for network forensics. In Han S, Li T, editors, 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery. USA: IEEE, Institute of Electrical and Electronics Engineers. 2014. p. 655-660 https://doi.org/10.1109/fskd.2014.6980912