Non-Statistical metrics for estimating redundancies in forensic investigations of network intrusions

1 Author(s)
Nehinbe, J.O. ; Univ. of Essex, Colchester, UK

Most statistical methods do not perfectly conform to real cases of cyber crime. Consequently, reports that use statistical methods to analyze intrusion logs in order to present evidentiary value in courts of law are often refuted as baseless and inadmissible evidence, regardless of the effort spent to generate the reports and whether or not the reports are well-grounded evidence. Sometimes, complainants are bewildered and confused because it is almost certain that the prime suspects will be absolved in courts of law. These are tragic developments for computer security experts and for the corporate and private organizations that leverage Internet facilities to boost service delivery, business activities and profitability. Thus, this paper presents non-statistical metrics that adopt the Serialization Modelling Method (S2M) to improve the interpretation of intrusion logs. The approach instantiates tokens and serializes alerts triggered by Snort using well-defined values. Experiments illustrate that duplicate tokens or patterns of alerts that exhibit increased propensity are indicative of redundant alerts to a certain degree.

Published in:

Computer Modeling and Simulation (EMS), 2011 Fifth UKSim European Symposium on

Date of Conference:

16-18 Nov. 2011