Now showing 1 - 5 of 5
  • Publication
    Efficiency of Network Event logs as Admissible Digital Evidence
    The large number of event logs generated in atypical network is increasingly becoming an obstacle for forensicinvestigators to analyze and use to detect and verify maliciousactivities. Research in the area of network forensics is trying toaddress the challenge of using network logs to reconstruct attackscenarios by proposing events correlation models. In this paperwe introduce and examine a new network forensics model thatmakes network event-logs admissible in the court of low. The ideaof our model is to collect available logs from connected networkdevices and then apply Support Vectors Machine (SVMs) in orderto filter out anomaly intrusion, and re-route these logs to a centralrepository where a event-logs management functions are applied.
    Scopus© Citations 3  479
  • Publication
    Simulating SQL-Injection Cyber-attacks using GNS3
    (International Journal of Computer Theory and Engineering, 2015-02-13) ; ; ;
    Network Forensics is a subtopic of Digital Forensics wherein research on artificat investigations and intrusions evidence acquisition is addressed. Among many challenges in the field, the problem of losing data artifacts in the state of flux, (i.e., live volatile data), when network devices are suddenly non-operational remains a topic of interest to many investigators. The main objective of this article is to simulate an SQL injection attack scenarios in a complex network environment. We designed and simulated a typical Demilitarized Zone (DMZ) network environment using Graphical Network Simulator (GNS3), Virtual Box and VMware workstation. Using this set-up we are now able to simulate specific network devices configuration, perform SQL injection attacks against victim machines and collect network logs. The main motivation of our work is to finally define an attack pathway prediction methodology that makes it possible to examine the network artifacts collected in case network attacks.
      1217
  • Publication
    Network Forensics Readiness and Security Awareness Framework
    The goal of reaching a high level of security in wirelessand wired communication networks is continuously provendifficult to achieve. The speed at which both keepers and violatorsof secure networks is evolving is relatively close. Nowadaysnetwork infrastructures contain a large number of event logscaptured by Firewalls and Domain Controllers (DCs). However,these logs are increasingly becoming an obstacle for networkadministrators in analyzing networks for malicious activities.Forensic investigators mission to detect malicious activities andreconstruct incident scenarios is very complex considering thenumber as well as the quality of these event logs. In this paper,we present the building blocks of a framework for automatednetwork readiness and awareness. The idea of this frameworkis to utilize the current network security outputs to constructforensically comprehensive evidence. In the proposed framework,we cover the three vital phases of the cybercrime managementchain, which are: 1) Forensics Readiness, 2) Active Forensics, and3) Forensics Awareness. Keywords: Network Forensics, ForensicsReadiness, Network Security,Active Forensics, Reactive Forensics,Forensics Awareness and Network Security Framework.
      414
  • Publication
    Cyberspace Challenges and Law Limitations
    Privacy and Data security are heating topic in the modern technologically advanced economy. Technological Innovations have created new forms of electronic data which are more vulnerable to theft or loss when compared to traditional data storage. Moreover, the recent advances in internet technologies have exacerbated the risk of security threats. The Internet brings a whole new set of challenges in terms of data protection. Considering the complexities of modern technological advancements and its impact on data security, this study examines the Irish laws and EU directives for privacy and data security, its effectiveness in managing large scale data breaches and limitations. This paper also simulates attack scenarios that can be done by anonymous users in a complex cyberspace environment and explains how a digital evidence related to the attack scenario can be tracked down.
      1189
  • Publication
    E-government Alerts Correlation Model
    Qatars IT infrastructure is rapidly growing to encompass the evolution of businesses and economical growth the country is increasingly witnessing throughout its industries. It is now evident that the countrys e-government requirements and associated data management systems are becoming large in number, highly dynamic in nature, and exceptionally attractive for cybercrime activities. Protecting the sensitive data e-government portals are relying on for daily activities is not a trivial task. The techniques used to perform cybercrimes are becoming sophisticated relatively with the firewalls protecting them. Reaching high-level of data protection, in both wired and wireless networks, in order to face recent cybercrime approaches is a challenge that is continuously proven hard to achieve.In a common IT infrastructure, the deployed network devices contain a number of event logs that reside locally within its memory. These logs are in large numbers, and therefore, analyzing them is a time consuming task for network administrators. In addition, a single network event often generates a redundancy of similar event logs that belong to the same class within short time intervals. The large amount of redundancy logs makes it difficult to manage them during forensics investigation. In most cybercrime cases, a single alert log does not contain sufficient information about malicious actionsbackground and invisible network attackers. The information for a particular malicious action or attacker is often distributed among multiple alert logs and among multiple network devices. Forensic investigators mission is to detect malicious activities and reconstruct incident scenarios is now very complex considering the number as well as the quality of these event logs.
      356