Improving Payload Attribution Systems for Network Forensic Applications

Hosseini, Mohammad | 2019

  1. Type of Document: Ph.D. Dissertation
  2. Language: Farsi
  3. Document No: 52334 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jahangir, Amir Hossein
  7. Abstract: Payload Attribution Systems (PAS) are one of the most important tools of network forensics for identifying offenders and victims after a cybercrime has occurred. A PAS stores the network traffic history so that, when a malicious activity is detected on the network, the source and destination pair of a given data stream can be determined. The huge volume of information transferred daily across the network means that the data stored by a PAS must be as compact and concise as possible. Moreover, searching this large volume of data for a malicious data stream must complete within a reasonable time. For this purpose, several techniques that store a digest of the traffic using Bloom filters have been proposed in the literature. The false positive rate of existing techniques for detecting cybercriminals is unacceptably high, i.e., many source and destination pairs are falsely flagged as malicious, making it difficult to identify the true criminal. Moreover, they can neither answer wildcard queries nor find data similar to a queried excerpt. This dissertation improves the performance of payload attribution systems so that they fulfill the requirements of network forensic applications.
  8. Keywords: Network Forensics; Payload Attribution; Digesting; Compression; Network Traffic
