Network forensics based on fuzzy logic and expert system

Computer Communications

Volumn 32, Issue 17, 2009, Pages 1881-1892

  Liao, Niandong ^a   Tian, Shengfeng ^a   Wang, Tinghua ^a  

^a BEIJING JIAOTONG UNIVERSITY   (China)

Author keywords

Expert system; Fuzzy logic; Intrusion detection system; Network forensics; Vulnerability scanning

Indexed keywords

ANALYZING SYSTEM; CLASSIFICATION RATES; DAMAGED SYSTEMS; DETECTION SENSORS; DIGITAL EVIDENCE; EXISTING METHOD; EXPERIMENTAL COMPARISON; EXPERT KNOWLEDGE; FORENSIC INFORMATION; IN-NETWORK; INTRUSION DETECTION SYSTEM; NETWORK FORENSICS; NETWORK TRAFFIC; RESEARCH AREAS; SHARP INCREASE; VULNERABILITY SCANNING;

COMPUTER CRIME; DIGITAL DEVICES; EXPERT SYSTEMS; FUZZY SETS; INTERNET; INTRUSION DETECTION; PERSONAL COMPUTING; SCANNING;

FUZZY LOGIC;

EID: 69249213464     PISSN: 01403664     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comcom.2009.07.013     Document Type: Article

References (51)

1. Warren G.K., and Jay G.H. Computer Forensics: Incident Response Essentials (2001), Addison-Wesley, New York
2. D.G. Wang, T. Li, S.J. Liu, J.H. Zhang, C.M. Liu, Dynamical network forensics based on immune agent, in: Third International Conference on Natural Computation (ICNC 2007), 2007, pp. 651-656.
3. Safeback. Available from: .
4. Encase. Available from: .
5. Institute for Security Technology Studies. Available from: .
6. Wang W., and Thomas E.D. A graph based approach toward network forensics analysis. ACM Transactions on Information and Systems Security 12 1 (2008)
7. A.B. Ashfaq, M.J. Robert, A. Mumtaz, M.Q. Ali, A. Sajjad, S.A. Khayam, A comparative evaluation of anomaly detectors under portscan attacks, in: Recent Advances in Intrusion Detection (RAID 2008), 2008, pp. 351-371.
8. Symantec Internet Security Threat Reports XIV. Available from: .
9. J. Owens, J. Matthews, A study of passwords and methods used in brute-force SSH attacks, Available from: .
10. The Honeynet Project and Research Alliance. Available from: , October 2008.
11. SANS Institute, SANS Top-20 2007 Security Risks (2007 Annual Update). Available from: .
12. Sy Bon K. Integrating intrusion alert information to aid forensic explanation: An analytical intrusion detection framework for distributive IDS. Information Fusion 10 4 (2009) 325-341
13. Perdisci R., Ariu D., Fogla P., Giacinto G., and Lee W. McPAD: a multiple classifier system for accurate payload-based anomaly detection. Computer Networks 53 (2009) 864-881
14. L. Yu, B. Chen, J.M. Xiao, An integrated system of intrusion detection based on rough set and wavelet neural Network, in: Third International Conference on Natural Computation (ICNC 2007), 2007, pp. 194-199.
15. W. Lu, A.A. Ghorbani, Network anomaly detection based on wavelet analysis, EURASIP Journal on Advances in Signal Processing, 2009. Available from: .
16. Wang W., Guan X.H., and Zhang X.L. Processing of massive audit data streams for real-time anomaly intrusion detection. Computer Communications 31 (2008) 58-72
17. Thomas D.S., and Forcht K. Legal methods of using computer forensics techniques for computer crime analysis and investigation. Issues in Information System 5 2 (2004) 693
18. Liu Z.Q., Lin D.D., and Feng D.G. Fuzzy decision tree based inference techniques for network forensic analysis. Journal of Software 18 10 (2007) 2635-2644
19. A. Goel, W.C. Feng, D. Marier, J. Walpole, Forensix: a robust, high-performance reconstruction system, in: 25th IEEE International Conference on Distributed Computing Systems Workshops, 2005, pp. 155-162.
20. Khan M.N.A., Chatwin C.R., and Young R.C.D. A framework for post-event timeline reconstruction using neural networks. Digital Investigation 4 (2007) 146-157
21. Arasteh A.R., Debbabi M., Sakha A., and Saleh M. Analyzing multiple logs for forensic evidence. Digital Investigation 4S (2007) S82-S91
22. Mukkamala S., and Sung A.H. Identifying significant features for network forensic analysis using artificial intelligent techniques. International Journal of Digital Evidence 1 4 (2003) 1-7
23. J.S. Kim, D.G. Kim, B.N. Noh, A fuzzy logic based expert system as a network forensic, in: Proc. ICCSA 2004. LNCS 3043, 2004, pp. 175-182.
24. Grote G., and Künzler C. Diagnosis of safety culture in safety management audits. Safety Science 34 (2000) 131-150
25. Guldenmund F.W. The nature of safety culture: are view of theory and research. Safety Science 34 (2000) 215-257
26. Na M.G., Shin S.H., Lee S.M., Jung D.W., Kim S.P., Jeong J.H., and Lee B.C. Prediction of major transient scenarios for severe accidents of nuclear power plants. IEEE Transactions on Nuclear Science 51 2 (2004) 313-321
27. Azadeha A., Famb I.M., Khoshnouda M., and Nikafrouz M. Design and implementation of a fuzzy expert system for performance assessment of an integrated health safety environment (HSE) and ergonomics system: the case of a gas refinery. Information Sciences 78 (2008) 4280-4300
28. Wang Y.M., Chin K.S., Poon G.K.K., and Wang J.B. Risk evaluation in failure mode and effects analysis using fuzzy weighted geometric mean. Expert Systems with Applications 36 (2009) 1195-1207
29. Ou C.W., and Chou S.Y. International distribution center selection from a foreign market perspective using a weighted fuzzy factor rating system. Expert Systems with Applications 36 (2009) 1773-1782
30. H. Ishibuchi, T. Yamamoto, T. Nakashima, Determination of rule weights of fuzzy association rules, in: Proc. 10th IEEE International Fuzzy Systems Conference, 2001, pp. 1555-1558.
31. Yang J.B., Liu J., Xu D.L., Wang J., and Wang H.W. Optimal learning method for training belief rule based systems. IEEE Transactions on Systems Man and Cybernetics - Part A: Systems and Humans 37 4 (2007) 569-585
32. Xu D.L., Liu J., Yang J.B., Liu G.P., Wang J., et al. Inference and learning methodology of belief-rule-based expert system for pipeline leak detection. Expert Systems with Applications 32 1 (2007) 103-113
33. Liao N.D., and Tian S.F. Research of the dynamical rule generation for intrusion detection system. Journal of Beijing Jiaotong University 32 5 (2008) 116-120 (in Chinese)
34. Yager R.R. A procedure for ordering fuzzy subsets of the unit interval. Information Sciences 24 (1981) 143-161
35. Tang M.T., Tzeng G.H., and Wang S.W. A hierarchy fuzzy MCDM method for studying electronic marketing strategies in the information service industry. Journal of International Information Management 8 1 (1999) 1-22
36. Tsaur S.H., Tzeng G.H., and Wang G.C. Evaluating tourist risks from fuzzy perspectives. Annals of Tourism Research 24 4 (1997) 796-812
37. Yao J.S.L., Ouyang Y., and Chang H.C. Models for a fuzzy inventory of two replaceable merchandises without backorder based on the signed distance of fuzzy sets. European Journal of Operational research 150 (2003) 601-616
38. DARPA. Available from: .
39. M. Mahoney, P. Chan, An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection, in: Recent Advances in Intrusion Detection (RAID 2004), 2004, pp. 220-237.
40. Riech K., and Laskov P. Language models for detection of unknown attacks in network traffic. Journal in Computer Virology 2 (2007) 243-256
41. Zhou J.M., Heckman M., Reynolds B., Carlson A., and Bishop M. Modeling network intrusion detection alerts for correlation. ACM Transaction on Information and System Security 10 1 (2007) 1-31
42. Beghdad R. Efficient deterministic method for detecting new U2R attacks. Computer Communications 32 (2009) 1104-1110
43. Lee K., Kim J., Kwon K.H., Han Y., and Kim S. DDoS attack detection method using cluster analysis. Expert Systems with Applications 34 (2008) 1659-1665
44. Snare 2003, SNARE-System intrusion analysis and reporting environment. Available from:
45. Tcpreplay. Available from: .
46. Domingos P., and Pazzaini M. On the optimality of the simple Bayesian classification under zero-one class loss. Machine Learning 29 203 (1997) 103-130
47. Han J., and Kamber M. Data Mining: Concepts and Techniques. second ed. (2006), Morgan Kaufmann, San Francisco
48. Quinlan J.R. C4.5: Programs for Machine Learning (1993), Morgan Kuafmann
49. Keerthi S.S., Shevade S.K., Hattacharyya C., and Murthy K.R.K. Improvements to Platt's SMO algorithm for SVM classifier design. Neural Computation 13 3 (2001) 636-649
50. Strace. Available from: .
51. Zadeh L.A. Fuzzy sets. Information and Control 8 (1965) 338-353