By Topic

The network coordinative forensics technology base on data provenance

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Huang Wen ; Network Center, Hunan Univ. of Sci. & Eng., Yongzhou, China ; Wen Chun-sheng

At present there is no good security tool that can directly associate analysis to the multi-step attack on network, and reconstruct invading process to obtain the criminal evidence. So a new approach of network coordinative forensics based on data provenance was presented: Set up a log server with SYSLOG mechanism, obtain logs provenance databases with Perm rewrite technology, position multi-step attacker with where provenance, and reconfiguration attack process with why provenance. Data provenance theory and experiment results proved that the new approach is feasible and effective.

Published in:

Information Technology and Artificial Intelligence Conference (ITAIC), 2011 6th IEEE Joint International  (Volume:2 )

Date of Conference:

20-22 Aug. 2011