Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics

The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult becaus...

Full description

Saved in:
Bibliographic Details
Main Author: Mosa, Mohammad Rasmi Hassun
Format: Thesis
Language:English
Published: 2013
Subjects:
Online Access:http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf
http://eprints.usm.my/43822/
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Universiti Sains Malaysia
Language: English
Description
Summary:The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult because of the overwhelming amount of evidence involved in each case. Thus, current cyber crime investigation techniques are costly and time consuming. In addition, these techniques normally use active and reactive processes to analyze cyber crimes, and such processes start after the cyber crime has been identified, which makes identifying useful evidence difficult. Moreover, the information required to understand and analyze cyber crime factors such as the intention and strategy of the crime are limited. This thesis proposes a new framework to analyze cyber crime evidence. The proposed framework aims to use cyber crime evidence to reconstruct attack intentions and estimate similar attack strategies. The intentions are identified through a new algorithm called Attack Intention Analysis, which predicts cyber crime intentions by combining Dempster-Shafer theory and a causal network. Similar attack strategies have been estimated by using one of the two proposed methods. The first method creates a new model that uses evidence when the intentions for a cyber crime are undetected. This model aims to measure similar evidence between new and pre-existing cyber crime cases to estimate similar strategies.