A real-time network intrusion forensics method based on evidence reasoning network

Zhi Hong Tian; Xiang Zhan Yu; Hong Li Zhang; Bin Xing Fang

doi:10.3724/SP.J.1016.2014.01184

A real-time network intrusion forensics method based on evidence reasoning network

Zhi Hong Tian^*
, Xiang Zhan Yu
, Hong Li Zhang
, Bin Xing Fang

^*Corresponding author for this work

School of Computer Science and Technology, Harbin Institute of Technology

Research output: Contribution to journal › Article › peer-review

10 Scopus citations

Abstract

Based on the analysis of problems about the existing network intrusion forensics systems, this paper proposed a real-time network intrusion forensics method according to the evidence reasoning network (NetForensic). This method connected the concept of vulnerability correlation with the field of network intrusion forensics. It built the evidence reasoning network on the basis of the network system vulnerabilities and environmental information. At the same time, NetForensic realized the attack scenario reconstruction and with high efficiency in use of the reasoning ability of multi-staged attacks provided by the evidence reasoning network. Experimental data shows that NetForensic has supplied a complete and credible chain of evidence and it also has the capacity for real-time reasoning. All of these provide a strong guarantee for the rapid and effective evidence investigation.

Original language	English
Pages (from-to)	1184-1194
Number of pages	11
Journal	Jisuanji Xuebao/Chinese Journal of Computers
Volume	37
Issue number	5
DOIs	https://doi.org/10.3724/SP.J.1016.2014.01184
State	Published - May 2014
Externally published	Yes

Keywords

Evidence chain
Evidence reasoning network
Information security
Intrusion forensics
Network security
Vulnerability

Access to Document

10.3724/SP.J.1016.2014.01184

Cite this

@article{8f17b45fbd4843d5b9a1024a53200a52,

title = "A real-time network intrusion forensics method based on evidence reasoning network",

abstract = "Based on the analysis of problems about the existing network intrusion forensics systems, this paper proposed a real-time network intrusion forensics method according to the evidence reasoning network (NetForensic). This method connected the concept of vulnerability correlation with the field of network intrusion forensics. It built the evidence reasoning network on the basis of the network system vulnerabilities and environmental information. At the same time, NetForensic realized the attack scenario reconstruction and with high efficiency in use of the reasoning ability of multi-staged attacks provided by the evidence reasoning network. Experimental data shows that NetForensic has supplied a complete and credible chain of evidence and it also has the capacity for real-time reasoning. All of these provide a strong guarantee for the rapid and effective evidence investigation.",

keywords = "Evidence chain, Evidence reasoning network, Information security, Intrusion forensics, Network security, Vulnerability",

author = "Tian, \{Zhi Hong\} and Yu, \{Xiang Zhan\} and Zhang, \{Hong Li\} and Fang, \{Bin Xing\}",

year = "2014",

month = may,

doi = "10.3724/SP.J.1016.2014.01184",

language = "英语",

volume = "37",

pages = "1184--1194",

journal = "Jisuanji Xuebao/Chinese Journal of Computers",

issn = "0254-4164",

publisher = "Science Press ",

number = "5",

}

TY - JOUR

T1 - A real-time network intrusion forensics method based on evidence reasoning network

AU - Tian, Zhi Hong

AU - Yu, Xiang Zhan

AU - Zhang, Hong Li

AU - Fang, Bin Xing

PY - 2014/5

Y1 - 2014/5

N2 - Based on the analysis of problems about the existing network intrusion forensics systems, this paper proposed a real-time network intrusion forensics method according to the evidence reasoning network (NetForensic). This method connected the concept of vulnerability correlation with the field of network intrusion forensics. It built the evidence reasoning network on the basis of the network system vulnerabilities and environmental information. At the same time, NetForensic realized the attack scenario reconstruction and with high efficiency in use of the reasoning ability of multi-staged attacks provided by the evidence reasoning network. Experimental data shows that NetForensic has supplied a complete and credible chain of evidence and it also has the capacity for real-time reasoning. All of these provide a strong guarantee for the rapid and effective evidence investigation.

AB - Based on the analysis of problems about the existing network intrusion forensics systems, this paper proposed a real-time network intrusion forensics method according to the evidence reasoning network (NetForensic). This method connected the concept of vulnerability correlation with the field of network intrusion forensics. It built the evidence reasoning network on the basis of the network system vulnerabilities and environmental information. At the same time, NetForensic realized the attack scenario reconstruction and with high efficiency in use of the reasoning ability of multi-staged attacks provided by the evidence reasoning network. Experimental data shows that NetForensic has supplied a complete and credible chain of evidence and it also has the capacity for real-time reasoning. All of these provide a strong guarantee for the rapid and effective evidence investigation.

KW - Evidence chain

KW - Evidence reasoning network

KW - Information security

KW - Intrusion forensics

KW - Network security

KW - Vulnerability

UR - https://www.scopus.com/pages/publications/84901586700

U2 - 10.3724/SP.J.1016.2014.01184

DO - 10.3724/SP.J.1016.2014.01184

M3 - 文章

AN - SCOPUS:84901586700

SN - 0254-4164

VL - 37

SP - 1184

EP - 1194

JO - Jisuanji Xuebao/Chinese Journal of Computers

JF - Jisuanji Xuebao/Chinese Journal of Computers

IS - 5

ER -

A real-time network intrusion forensics method based on evidence reasoning network

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this