Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
An effective payload attribution scheme for cybercriminal detection using compressed bitmap index tables and traffic downsampling
Hosseini, M ; Sharif University of Technology | 2018
583
Viewed
- Type of Document: Article
- DOI: 10.1109/TIFS.2017.2769018
- Publisher: Institute of Electrical and Electronics Engineers Inc , 2018
- Abstract:
- Payload attribution systems (PAS) are one of the most important tools of network forensics for detecting an offender after the occurrence of a cybercrime. A PAS stores the network traffic history in order to detect the source and destination pair of a certain data stream in case a malicious activity occurs on the network. The huge volume of information that is daily transferred in the network means that the data stored by a PAS must be as compact and concise as possible. Moreover, the investigation of this large volume of data for a malicious data stream must be handled within a reasonable time. For this purpose, several techniques based on storing a digest of traffic using Bloom filters have been proposed in the literature. The false positive rate of existing techniques for detecting cybercriminals is unacceptably high, i.e., many source and destination pairs are falsely determined as malicious, making it difficult to detect the true criminal. In order to ameliorate this problem, we have proposed a solution based on compressed bitmap index tables and traffic downsampling. Our analytical evaluation and experimental results show that the proposed method significantly reduces the false positive rate. © 2005-2012 IEEE
- Keywords:
- Bloom filter ; Cybercriminal detection ; Network forensics ; Traffic downsampling ; Data structures ; Digital forensics ; Analytical evaluation ; Bloom filters ; Cybercriminals ; Downsampling ; False positive rates ; Malicious activities ; Network traffic ; Payload attribution ; Signal sampling
- Source: IEEE Transactions on Information Forensics and Security ; Volume 13, Issue 4 , 2018 , Pages 850-860 ; 15566013 (ISSN)
- URL: https://ieeexplore.ieee.org/document/8093697