DocumentCode :
2034481
Title :
Efficiency of network event logs as admissible digital evidence
Author :
Al-Mahrouqi, Aadil ; Abdalla, Sameh ; Kechadi, Tahar
Author_Institution :
Sch. of Comput. Sci. & Inf., Univ. Coll. Dublin, Dublin, Ireland
fYear :
2015
fDate :
28-30 July 2015
Firstpage :
1257
Lastpage :
1265
Abstract :
The large number of event logs generated in a typical network is increasingly becoming an obstacle for forensic investigators who must analyze them to detect and verify malicious activity. Research in the area of network forensics is trying to address the challenge of using network logs to reconstruct attack scenarios by proposing event correlation models. In this paper we introduce a new network forensics model that makes network event logs admissible in a court of law. Our model collects the available logs from connected network devices, applies a decision tree algorithm to filter anomalous intrusions, and then re-routes the logs to a central repository where event-log management functions are applied.
Keywords :
computer network security; decision trees; digital forensics; admissible digital evidence; anomaly intrusion; decision tree algorithm; event correlation models; event-logs management functions; malicious activity detection; network event logs; network forensics model; Computer crime; Computer science; Computers; Data mining; Forensics; Reliability; Authentication of Evidence; Best Evidence; Evidence Reliability; Network Evidence Admissibility; SVMs;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Science and Information Conference (SAI), 2015
Conference_Location :
London
Type :
conf
DOI :
10.1109/SAI.2015.7237305
Filename :
7237305