Abstract
Original language | English |
---|---|
Title of host publication | 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014 |
Editors | Shuihua Han, Tao Li |
Place of Publication | USA |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 655-660 |
Number of pages | 6 |
ISBN (Electronic) | 9781479951482 |
ISBN (Print) | 9781479951482 |
Publication status | Published - 2014 |
Event | 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery - Xiamen, Xiamen, China; Duration: 19 Aug 2014 → 21 Aug 2014 |
Publication series
Name | 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014 |
---|
Conference
Conference | 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery |
---|---|
Country | China |
City | Xiamen |
Period | 19/08/14 → 21/08/14 |
An approach to detect network attacks applied for network forensics. / TRAN, Dat; MA, Wanli; SHARMA, Dharmendra.
2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014. ed. / Shuihua Han; Tao Li. USA : IEEE, Institute of Electrical and Electronics Engineers, 2014. p. 655-660 6980912 (2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014).
Research output: A Conference proceeding or a Chapter in Book › Conference contribution
TY - GEN
T1 - An approach to detect network attacks applied for network forensics
AU - TRAN, Dat
AU - MA, Wanli
AU - SHARMA, Dharmendra
PY - 2014
Y1 - 2014
N2 - Network forensics is addressed to deal with cybercrime. The main purpose of a network forensics system is reconstructing evidence of network attacks. In order to reconstruct evidence, the network attack is firstly identified. Therefore, network attack detection solutions play an important role in network forensics. There are two main types of network attacks: network level and application level. Network level attack detection solutions focus on the information in the headers of network packets, while application level attack detection solutions investigate the data fragments carried in the packet payloads. We propose an approach based on Shannon entropy and machine learning techniques to identify executable content for anomaly-based network attack detection in network forensics systems. Experimental results show that the proposed approach provides a very high detection rate.
KW - Entropy
KW - Executable data detection
KW - Machine learning
KW - Network forensics
UR - http://www.scopus.com/inward/record.url?scp=84920560091&partnerID=8YFLogxK
U2 - 10.1109/fskd.2014.6980912
DO - 10.1109/fskd.2014.6980912
M3 - Conference contribution
SN - 9781479951482
T3 - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014
SP - 655
EP - 660
BT - 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery, FSKD 2014
A2 - Han, Shuihua
A2 - Li, Tao
PB - IEEE, Institute of Electrical and Electronics Engineers
CY - USA
ER -