Title :
Attack Pattern Discovery in Forensic Investigation of Network Attacks
Author_Institution :
Fac. of Bus. & Inf. Technol., Univ. of Ontario Inst. of Technol., Oshawa, ON, Canada
fDate :
8/1/2011 12:00:00 AM
Abstract :
We mine logs of network traffic data to find the contexts in which attacks occur; we call these contexts attack patterns. We propose an iterative algorithm for discovering attack patterns via a feedback mechanism: the degrees of belief assigned to attack instances are propagated to the next iteration to further refine the search. Our simulations verify that the algorithm discovers attack patterns accurately. Our attack pattern discovery has the additional advantage of being an unsupervised algorithm, i.e., it does not require a priori user-defined thresholds.
Keywords :
computer forensics; computer network security; data mining; iterative methods; attack pattern discovery; forensic investigation; network attacks; network traffic data; Forensics; Heuristic algorithms; IP networks; Payloads; Probability distribution; Random variables; Security; attack patterns; network forensics; security; suspicion feedback;
Journal_Title :
Selected Areas in Communications, IEEE Journal on
DOI :
10.1109/JSAC.2011.110802