Metrics for network forensics conviction evidence

2009 International Conference for Internet Technology and Secured Transactions, (ICITST) Pub Date : 2009-11-01 DOI:10.1109/ICITST.2009.5402640

A. Amran, R. Phan, D. Parish

{"title":"Metrics for network forensics conviction evidence","authors":"A. Amran, R. Phan, D. Parish","doi":"10.1109/ICITST.2009.5402640","DOIUrl":null,"url":null,"abstract":"Evaluation of forensics evidence is an essential step in proving the malicious intents of an attacker or adversary and the severity of the damages caused to any network. This paper takes a step forward showing how security metrics can be used to sustain a sense of credibility to network evidence gathered as an elaboration and extension to an embedded feature of Network Forensic Readiness (NFR) — Redress that is defined as holding intruders responsible. We propose a procedure of evidence acquisition in network forensics where we then analyse sample of packet data in order to extract useful information as evidence through a formalised intuitive model, based on capturing adversarial behaviour and layer analysis. We then apply the Common Vulnerability Scoring System (CVSS) metrics to show that a forensics metrics system could assess the severity of network attacks committed, thus giving a degree of credibility to the evidence gathered. This way, hard evidence could be objectively collected to lend support to the resource-intensive process of investigation and litigation, leading to successful conviction, while reducing effort expended on the process.","PeriodicalId":251169,"journal":{"name":"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2009.5402640","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Evaluation of forensics evidence is an essential step in proving the malicious intents of an attacker or adversary and the severity of the damages caused to any network. This paper takes a step forward showing how security metrics can be used to sustain a sense of credibility to network evidence gathered as an elaboration and extension to an embedded feature of Network Forensic Readiness (NFR) — Redress that is defined as holding intruders responsible. We propose a procedure of evidence acquisition in network forensics where we then analyse sample of packet data in order to extract useful information as evidence through a formalised intuitive model, based on capturing adversarial behaviour and layer analysis. We then apply the Common Vulnerability Scoring System (CVSS) metrics to show that a forensics metrics system could assess the severity of network attacks committed, thus giving a degree of credibility to the evidence gathered. This way, hard evidence could be objectively collected to lend support to the resource-intensive process of investigation and litigation, leading to successful conviction, while reducing effort expended on the process.

查看原文本刊更多论文

网络取证定罪证据指标

取证证据的评估是证明攻击者或对手的恶意意图以及对任何网络造成损害的严重程度的必要步骤。本文向前迈进了一步，展示了如何使用安全度量来维持收集到的网络证据的可信性，这是对网络取证准备(NFR)的一个嵌入式特性的阐述和扩展——纠正被定义为追究入侵者的责任。我们提出了一个在网络取证中获取证据的程序，然后我们分析数据包数据样本，以便通过基于捕获对抗行为和层分析的形式化直观模型提取有用的信息作为证据。然后，我们应用通用漏洞评分系统(CVSS)指标来显示取证指标系统可以评估所犯网络攻击的严重程度，从而为所收集的证据提供一定程度的可信度。这样，就可以客观地收集确凿的证据，为资源密集的调查和诉讼过程提供支持，从而导致成功定罪，同时减少在这一过程中花费的精力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2009 International Conference for Internet Technology and Secured Transactions, (ICITST)

自引率

0.00%

发文量