Efficiency of Network Event logs as Admissible Digital Evidence

Authors: 
Aadil Al-Mahrouqi, Sameh Abdalla, Tahar Kechadi

Publication Type: 
Refereed Conference Meeting Proceeding
Abstract: 
The large number of event logs generated in a typical network is increasingly becoming an obstacle for forensic investigators who need to analyze them in order to detect and verify malicious activities. Research in the area of network forensics is trying to address the challenge of using network logs to reconstruct attack scenarios by proposing event correlation models. In this paper we introduce and examine a new network forensics model that makes network event logs admissible in a court of law. The idea of our model is to collect the available logs from connected network devices, apply Support Vector Machines (SVMs) in order to filter out anomalous intrusion activity, and re-route these logs to a central repository where event-log management functions are applied.
Conference Name: 
Science and Information Conference 2015
Proceedings: 
Science and Information Conference 2015
Digital Object Identifer (DOI): 
10.1109/SAI.2015.7237305
Publication Date: 
28/07/2015
Conference Location: 
United Kingdom (excluding Northern Ireland)
Institution: 
National University of Ireland, Dublin (UCD)
Open access repository: 
Yes