Improving Analysis Phase in Network Forensics By Using Attack Intention Analysis

The increasing number of cybercrimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Reconstructing useful evidence of a cybercrime is difficult due to the vagueness of the analysis phase processes. The analysis phase is challenging because it provides detailed information on the intention and strategy of the attack. This paper aims to show the importance of reconstructing attack intentions in order to improve the analysis phase in network forensics. Intentions are identified through an algorithm called Attack Intention Analysis (AIA), which predicts cybercrime intentions by combining mathematical evidence theory and a probabilistic technique. In this paper, the attack intention model is improved to present the motivation behind cybercrimes. The results of comparing the attack intention analysis methods prove that the AIA algorithm is more accurate.
