An approach to detect network attacks applied for network forensics

Dat TRAN; Wanli MA; Dharmendra SHARMA

doi:10.1109/fskd.2014.6980912

An approach to detect network attacks applied for network forensics

Dat TRAN, Wanli MA, Dharmendra SHARMA

Information, Technology (IT) & Systems

Research output: A Conference proceeding or a Chapter in Book › Conference contribution

4 Citations (Scopus)

Abstract

Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.

Original language	English
Title of host publication	2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014
Editors	Shuihua Han, Tao Li
Place of Publication	USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	655-660
Number of pages	6
ISBN (Electronic)	9781479951482
ISBN (Print)	9781479951482
DOIs	https://doi.org/10.1109/fskd.2014.6980912
Publication status	Published - 2014
Event	11th International Conference on Fuzzy Systems and Knowledge Discovery 2014 - Xiamen, Xiamen, China Duration: 19 Aug 2014 → 21 Aug 2014

Publication series

Name	2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014

Conference

Conference	11th International Conference on Fuzzy Systems and Knowledge Discovery 2014
Country	China
City	Xiamen
Period	19/08/14 → 21/08/14

Access to Document

10.1109/fskd.2014.6980912

Link to publication in Scopus

Fingerprint Dive into the research topics of 'An approach to detect network attacks applied for network forensics'. Together they form a unique fingerprint.

Cite this

TRAN, D., MA, W., & SHARMA, D. (2014). An approach to detect network attacks applied for network forensics. In S. Han, & T. Li (Eds.), 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014 (pp. 655-660). [6980912] (2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/fskd.2014.6980912

TRAN, Dat ; MA, Wanli ; SHARMA, Dharmendra. / An approach to detect network attacks applied for network forensics. 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014. editor / Shuihua Han ; Tao Li. USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. pp. 655-660 (2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014).

@inproceedings{a2ce0aa24d78413cb24813586ba56fe4,

title = "An approach to detect network attacks applied for network forensics",

abstract = "Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.",

keywords = "Entropy, Executable data detection, Machine learning, Network forensics",

author = "Dat TRAN and Wanli MA and Dharmendra SHARMA",

year = "2014",

doi = "10.1109/fskd.2014.6980912",

language = "English",

isbn = "9781479951482",

series = "2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

pages = "655--660",

editor = "Shuihua Han and Tao Li",

booktitle = "2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014",

address = "United States",

note = "11th International Conference on Fuzzy Systems and Knowledge Discovery 2014 ; Conference date: 19-08-2014 Through 21-08-2014",

}

TRAN, D , MA, W & SHARMA, D 2014, An approach to detect network attacks applied for network forensics. in S Han & T Li (eds), 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014., 6980912, 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014, IEEE, Institute of Electrical and Electronics Engineers, USA, pp. 655-660, 11th International Conference on Fuzzy Systems and Knowledge Discovery 2014, Xiamen, China, 19/08/14. https://doi.org/10.1109/fskd.2014.6980912

An approach to detect network attacks applied for network forensics. / TRAN, Dat ; MA, Wanli ; SHARMA, Dharmendra.

2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014. ed. / Shuihua Han; Tao Li. USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. p. 655-660 6980912 (2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014).

Research output: A Conference proceeding or a Chapter in Book › Conference contribution

TY - GEN

T1 - An approach to detect network attacks applied for network forensics

AU - TRAN, Dat

AU - MA, Wanli

AU - SHARMA, Dharmendra

PY - 2014

Y1 - 2014

N2 - Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.

AB - Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidences of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets. While, application level attack detection solutions investigate the data fragments carried out in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides very high detection rate.

KW - Entropy

KW - Executable data detection

KW - Machine learning

KW - Network forensics

UR - http://www.scopus.com/inward/record.url?scp=84920560091&partnerID=8YFLogxK

U2 - 10.1109/fskd.2014.6980912

DO - 10.1109/fskd.2014.6980912

M3 - Conference contribution

SN - 9781479951482

T3 - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014

SP - 655

EP - 660

BT - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014

A2 - Han, Shuihua

A2 - Li, Tao

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - USA

T2 - 11th International Conference on Fuzzy Systems and Knowledge Discovery 2014

Y2 - 19 August 2014 through 21 August 2014

ER -

TRAN D , MA W , SHARMA D. An approach to detect network attacks applied for network forensics. In Han S, Li T, editors, 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014. USA: IEEE, Institute of Electrical and Electronics Engineers. 2014. p. 655-660. 6980912. (2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014). https://doi.org/10.1109/fskd.2014.6980912