Title :
Optimised clustering method for reducing challenges of network forensics
Author :
Nehinbe, Joshua Ojo
Author_Institution :
Sch. of Comput. Sci. & Electron. Eng. Syst., Univ. of Essex, Colchester, UK
Abstract :
Network forensics is challenging because of the large quantities of low-level alerts that network intrusion detectors generate in order to achieve high detection rates. However, clustering analyses are insufficient to establish the overall patterns, sequential dependencies and precise classifications of attacks embedded in low-level alerts. This is because there are several ways to cluster a set of alerts, especially if the alerts contain clustering criteria that take several values. Consequently, it is difficult to promptly select an appropriate clustering technique for investigating computer attacks and, at the same time, to handle the tradeoffs between interpretation and clustering of low-level alerts effectively. Accordingly, alerts, attacks and their corresponding countermeasures are frequently mismatched, and several realistic attacks easily circumvent early detection. Therefore, in this paper, intrusive alerts were clustered and the quality of each cluster was evaluated. The results demonstrate how a measure of entropy can be used to establish a suitable clustering technique for investigating computer attacks.
Keywords :
computer forensics; computer network security; pattern classification; pattern clustering; clustering criteria; computer attack investigation; intrusive alerts; network forensics; network intrusion detectors; optimised clustering method; Algorithm design and analysis; Detectors; Entropy; Forensics; IP networks; Intrusion detection; Protocols; Clustering criteria; Entropy; Intrusion detectors; bad clusters; clustering good clusters;
Conference_Titel :
2nd Computer Science and Electronic Engineering Conference (CEEC), 2010
Conference_Location :
Colchester
Print_ISBN :
978-1-4244-9029-5
DOI :
10.1109/CEEC.2010.5606495