Network forensics with Neurofuzzy techniques

Forensic science is based on a methodology composed of a group of stages, one of which is analysis. Analysis is responsible for determining when data constitutes evidence and, as a consequence, can be presented to a court. When the amount of data in a network is small, its analysis is relatively simple, but when it is huge, data analysis becomes a challenge for the forensics expert. In this paper a network forensics model is proposed that makes it possible to obtain the existing evidence in an involved TCP/IP network. The model uses fuzzy logic and artificial neural networks to detect the network flows that carry out suspicious activities in the network or hosts, while also minimizing the cost and time needed to process the information in order to discriminate between normal network flows and those that have been subjected to attacks and intrusions.
