Network Forensic Analysis via Vulnerability Evidence Reasoning
- Cheng-Yue Chang, Jing-Sha He
- Corresponding Author
- Cheng-Yue Chang
Available Online November 2016.
- https://doi.org/10.2991/ceis-16.2016.48How to use a DOI?
- network forensics; evidence graph; event vector; vulnerability evidence reasoning
- In this article, we propose a novel method that uses vulnerability evidence reasoning in network forensics analysis. Central to our method is the evidence graph model to support evidence presentation and reasoning. Based on the evidence graph, we propose a network forensics method that built the evidence graph on the basis of the network system vulnerabilities and environmental information. At the same time, the proposed method can realize the reconstruction of attack scenarios with high efficiency and with the capability of identifying multi-staged at-tacks through evidence reasoning. Results of the experiment that we conducted would show that the proposed method is complete and credible with certain reasoning ability, which can be a powerful tool for rapid and effective network forensic analysis.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY - CONF AU - Cheng-Yue Chang AU - Jing-Sha He PY - 2016/11 DA - 2016/11 TI - Network Forensic Analysis via Vulnerability Evidence Reasoning BT - 2016 International Conference on Computer Engineering and Information Systems PB - Atlantis Press SN - 2352-538X UR - https://doi.org/10.2991/ceis-16.2016.48 DO - https://doi.org/10.2991/ceis-16.2016.48 ID - Chang2016/11 ER -