Abstract
Network forensic techniques help track cyber attacks by monitoring and analyzing network traffic. However, due to the large volumes of data in modern networks and sophisticated attacks that mimic normal behavior and/or erase traces to avoid detection, network attack investigations demand intelligent and efficient network forensic techniques. This chapter proposes a network forensic scheme for monitoring and investigating network-based attacks. The scheme captures and stores network traffic data, selects important network traffic features using the chi-square statistic and detects anomalous events using a novel correntropy-variation technique. An evaluation of the network forensic scheme employing the UNSW-NB15 dataset demonstrates its utility and high performance compared with three state-of-the-art approaches.
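The two computational stages the abstract names, chi-square feature selection and correntropy-based anomaly scoring, as an added Python example that is not the chapter's code. The flow records are constructed for illustration (field names loosely modelled on UNSW-NB15 attributes, values invented, not drawn from the dataset). The correntropy is the standard Gaussian-kernel sample estimate over paired samples; the "variation" test, which flags a traffic window whose correntropy with the normal profile falls by more than a fixed fraction of the normal-traffic baseline, is an assumed simplification standing in for the chapter's own correntropy-variation technique, whose exact form the abstract does not state. Kernel width, window size, the 50% threshold, the number of histogram bins and the helper names are all assumptions.

```python
"""Added example (not the chapter's code): chi-square feature ranking followed by
a correntropy-based anomaly score over constructed flow records."""
import math
import statistics

# Constructed flow records, loosely modelled on UNSW-NB15 fields (dur, sbytes,
# spkts). "ct_rand" is a deliberately label-independent feature. All values are
# invented for illustration; none come from the real dataset.
FIELDS = ["dur", "sbytes", "spkts", "ct_rand"]


def _rows(dur, sbytes, spkts, ct_rand):
    return [dict(zip(FIELDS, r)) for r in zip(dur, sbytes, spkts, ct_rand)]


NORMAL_TRAIN = _rows(  # ordinary sessions: long, many bytes, many packets
    [0.6, 0.7, 0.8, 0.9, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.0, 0.9],
    [1000, 1100, 1200, 1300, 1400, 1500, 1600, 1700, 1800, 1900, 2000, 1500],
    [8, 9, 10, 11, 12, 13, 14, 15, 8, 10, 12, 14],
    [1, 2, 3, 1, 2, 3, 1, 2, 3, 1, 2, 3],
)
ATTACK = _rows(  # short, tiny flows of the kind a flooding tool emits
    [0.01, 0.02, 0.03, 0.04, 0.05, 0.02],
    [60, 70, 80, 90, 100, 120],
    [1, 2, 2, 3, 6, 6],
    [1, 2, 3, 1, 2, 3],
)
NORMAL_TEST = _rows([1.0, 0.9, 1.1], [1500, 1400, 1600], [11, 12, 10], [2, 3, 1])


def chi_square_scores(flows, labels, fields, bins=3):
    """Chi-square statistic of each equal-width-binned feature against the label.
    Larger values mean the feature's distribution depends more on the class."""
    n, classes, scores = len(flows), sorted(set(labels)), {}
    for f in fields:
        vals = [x[f] for x in flows]
        lo, rng = min(vals), (max(vals) - min(vals)) or 1.0
        table = {c: [0] * bins for c in classes}  # observed counts: class x bin
        for x, y in zip(flows, labels):
            table[y][min(bins - 1, int((x[f] - lo) / rng * bins))] += 1
        row_tot = {c: sum(table[c]) for c in classes}
        col_tot = [sum(table[c][b] for c in classes) for b in range(bins)]
        chi2 = 0.0
        for c in classes:
            for b in range(bins):
                expected = row_tot[c] * col_tot[b] / n
                if expected > 0:  # an empty bin contributes nothing
                    chi2 += (table[c][b] - expected) ** 2 / expected
        scores[f] = chi2
    return scores


def select_features(flows, labels, fields, k):
    """Top-k features by chi-square; ties broken by name for determinism."""
    scores = chi_square_scores(flows, labels, fields)
    ranked = sorted(scores, key=lambda f: (-round(scores[f], 9), f))
    return ranked[:k]


def gaussian_kernel(u, sigma):
    return math.exp(-u * u / (2 * sigma * sigma)) / (math.sqrt(2 * math.pi) * sigma)


def correntropy(x, y, sigma=1.0):
    """Sample correntropy: mean Gaussian kernel of the paired differences x_i - y_i."""
    return sum(gaussian_kernel(a - b, sigma) for a, b in zip(x, y)) / len(x)


class CorrentropyDetector:
    """Builds a z-score profile of normal traffic, then flags a window whose
    correntropy with that profile drops by more than `tau` (assumed threshold)
    relative to the mean correntropy of normal training windows."""

    def __init__(self, normal_flows, features, window=3, sigma=1.0, tau=0.5):
        self.features, self.sigma, self.tau = features, sigma, tau
        self.mu = {f: statistics.fmean([x[f] for x in normal_flows]) for f in features}
        self.sd = {f: statistics.pstdev([x[f] for x in normal_flows]) or 1.0 for f in features}
        train = [self.window_correntropy(normal_flows[i:i + window])
                 for i in range(0, len(normal_flows) - window + 1, window)]
        self.baseline = statistics.fmean(train)

    def _z(self, flows):  # one flat vector of z-scores for the whole window
        return [(x[f] - self.mu[f]) / self.sd[f] for x in flows for f in self.features]

    def window_correntropy(self, flows):
        z = self._z(flows)  # the normal profile is the zero vector in z-space
        return correntropy(z, [0.0] * len(z), self.sigma)

    def variation(self, flows):
        return (self.baseline - self.window_correntropy(flows)) / self.baseline

    def is_anomalous(self, flows):
        return self.variation(flows) > self.tau


if __name__ == "__main__":
    flows = NORMAL_TRAIN + ATTACK
    labels = ["normal"] * len(NORMAL_TRAIN) + ["attack"] * len(ATTACK)
    feats = select_features(flows, labels, FIELDS, k=3)
    det = CorrentropyDetector(NORMAL_TRAIN, feats)
    for name, win in [("normal window", NORMAL_TEST), ("attack window", ATTACK[:3])]:
        print(name, feats, round(det.variation(win), 3), det.is_anomalous(win))
```

With two classes, a feature that separates them perfectly scores exactly N (here 18) and a label-independent one scores 0, so the ranking is easy to sanity-check by hand; the attack window's correntropy collapses toward zero because every z-score is several standard deviations from the normal profile, while a normal window stays near the baseline.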
© 2018 IFIP International Federation for Information Processing
Cite this paper
Moustafa, N., Slay, J. (2018). A Network Forensic Scheme Using Correntropy-Variation for Attack Detection. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIV. DigitalForensics 2018. IFIP Advances in Information and Communication Technology, vol 532. Springer, Cham. https://doi.org/10.1007/978-3-319-99277-8_13
DOI: https://doi.org/10.1007/978-3-319-99277-8_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99276-1
Online ISBN: 978-3-319-99277-8