Current Proceedings on Technology

Asas: agile similarity attack strategy model based on evidence classification for network forensic attack analysis

Authors: Aman Jantan, Mohammad Rasmi

Volume 1, Issue -, 2012, Pages -

Topics: -

Keywords: Attack strategy, Network forensic analysis, Cosine similarity, Evidence classification, Cyber crimes

Abstract: Attack strategies in cyber crime have become increasingly sophisticated, which makes it extremely difficult to identify an attack strategy accurately. Most attack strategy techniques depend on alert correlation, which has a number of limitations: it requires a large number of predefined attributes, is hard to implement, and is inadequate for discovering the causal relationships between related attributes. Determining the attack strategy makes it easier for network forensic investigators to draw a possible comprehensive frame of the criminal case. In addition, it will hopefully make the investigation process more accurate and help apprehend the real crime perpetrator. This paper proposes an Agile Similarity Attack Strategy (ASAS) model that estimates the similarity of evidence between a new criminal case and others. The model uses a classification method based on the relation between attack evidence priorities and evidence group values, presented as a vector. Furthermore, the model uses cosine similarity as a distance-based similarity measure (Metric Axioms) to improve the quality of decision making. To evaluate the proposed model, experiments were performed on real network traffic from our university research labs, where the traffic contains a Teredo attack. Based on the observed similarity metric output, ASAS will hopefully help an investigator predict an attack strategy as an estimated value, in order to decrease time, effort and processing cost.


CITATIONS
Citing Works
No citations yet

CITE
BibTex
@article{2012,
  title={Asas: agile similarity attack strategy model based on evidence classification for network forensic attack analysis},
  volume={1},
  number={0},
  publisher={Current Proceedings on Technology},
  author={Aman Jantan and Mohammad Rasmi},
  year={2012}
}
APA
Aman Jantan, Mohammad Rasmi. (2012). Asas: agile similarity attack strategy model based on evidence classification for network forensic attack analysis (Vol. 1). Current Proceedings on Technology.
MLA
Aman Jantan, Mohammad Rasmi. Asas: Agile Similarity Attack Strategy Model Based on Evidence Classification for Network Forensic Attack Analysis. no. 0, Current Proceedings on Technology, 2012.