Efficiency of Network Event logs as Admissible Digital Evidence
| Field | Value |
|---|---|
| Title: | Efficiency of Network Event logs as Admissible Digital Evidence |
| Authors: | Al-Mahrouqi, Aadil |
| Permanent link: | http://hdl.handle.net/10197/6481 |
| Date: | 30-Jul-2015 |
| Abstract: | The large number of event logs generated in a typical network is increasingly becoming an obstacle for forensic investigators to analyze and use to detect and verify malicious activities. Research in the area of network forensics is trying to address the challenge of using network logs to reconstruct attack scenarios by proposing events correlation models. In this paper we introduce and examine a new network forensics model that makes network event-logs admissible in the court of law. The idea of our model is to collect available logs from connected network devices and then apply Support Vectors Machine (SVMs) in order to filter out anomaly intrusion, and re-route these logs to a central repository where event-logs management functions are applied. |
| Funding Details: | Science Foundation Ireland |
| Type of material: | Conference Publication |
| Start page: | 1257 |
| End page: | 1265 |
| Copyright (published version): | 2015 IEEE |
| Keywords: | Machine learning; Statistics; SVMs; Evidence reliability; Network evidence admissibility; Authentication of evidence; Best evidence |
| DOI: | 10.1109/SAI.2015.7237305 |
| Other versions: | http://thesai.org/SAIConference2015 |
| Language: | en |
| Status of Item: | Peer reviewed |
| Conference Details: | 2015 Science and Information Conference, London, United Kingdom, 28-30 July 2015 |
| Appears in Collections: | Computer Science Research Collection; Insight Research Collection |
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.