
Cheetah: a space-efficient HNB-based NFAT approach to supporting network forensics

Published in: annals of telecommunications - annales des télécommunications

Abstract

The popularity of the Internet has made malicious software easy to obtain online, and the amount of software designed to perform denial-of-service (DoS) attacks is incalculable. This enables hackers to use online resources to launch attacks easily, posing serious threats to network security. The ultimate solution to increasingly severe DoS attacks is to identify the sources of the attacks; this is known as IP traceback or forensics. However, a Network Forensic Analysis Tool (NFAT) is limited by its storage space, which significantly reduces the effectiveness of the traceback. We propose the Cheetah mechanism to overcome this disadvantage of a significant data storage requirement. Cheetah uses machine learning to filter irrelevant data, thereby retaining only the evidence related to DoS attacks for subsequent tracebacks. The experimental results confirm that the proposed mechanism can reduce the quantity of data that requires storage while maintaining a certain level of forensic accuracy.



Acknowledgments

This research was supported in part by the Bureau of Energy, Ministry of Economic Affairs, R.O.C. and Industrial Technology Research Institute.


Corresponding author

Correspondence to Guo-Tan Liao.

Cite this article

Cheng, BC., Liao, GT., Huang, HC. et al. Cheetah: a space-efficient HNB-based NFAT approach to supporting network forensics. Ann. Telecommun. 69, 379–389 (2014). https://doi.org/10.1007/s12243-013-0404-5
