Abstract
The popularity of the Internet has made malicious software easy to obtain online, and the amount of software designed to perform denial-of-service (DoS) attacks is incalculable. Attackers can therefore use online resources to launch attacks with little effort, posing a serious threat to network security. The ultimate response to increasingly severe DoS attacks is to identify their sources; this is known as IP traceback, or network forensics. However, a Network Forensic Analysis Tool (NFAT) is limited by its storage space, which significantly reduces the effectiveness of traceback. We propose Cheetah, a mechanism designed to overcome this large data storage requirement. It uses machine learning (a hidden naive Bayes, HNB, classifier) to filter out irrelevant data, retaining only the evidence related to DoS attacks for subsequent traceback. Experimental results confirm that the proposed mechanism reduces the quantity of data that must be stored while maintaining a certain level of forensic accuracy.
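To make the evidence-filtering idea concrete, the following is an added example, not code from the paper. It trains a plain naive Bayes classifier (not the paper's hidden naive Bayes model) on constructed, KDD-Cup-style connection records with four categorical features, then runs it as a filter over a constructed traffic stream: records classified as DoS are retained as forensic evidence and everything else is discarded. The returned statistics show the two quantities the abstract trades off, storage reduction (fraction of records retained) and forensic accuracy (recall and precision of the retained evidence). All record values, feature names and function names are assumptions made for this illustration.

```python
"""Added example: naive Bayes evidence filter for an NFAT storage budget.

Not the paper's Cheetah/HNB implementation; a standard categorical naive
Bayes with Laplace smoothing, trained on constructed records.
"""
import math
from collections import Counter, defaultdict

# Constructed training records (not real data), KDD-Cup-style features:
# (protocol, service, tcp_flag, connection_count_bucket, label)
TRAIN = [
    ("tcp", "http", "SF", "low", "normal"),
    ("tcp", "http", "SF", "low", "normal"),
    ("udp", "domain_u", "SF", "low", "normal"),
    ("tcp", "smtp", "SF", "low", "normal"),
    ("tcp", "ftp_data", "SF", "low", "normal"),
    ("tcp", "http", "SF", "mid", "normal"),
    ("tcp", "private", "S0", "high", "dos"),   # SYN-flood-like
    ("tcp", "private", "S0", "high", "dos"),
    ("tcp", "private", "REJ", "high", "dos"),
    ("icmp", "ecr_i", "SF", "high", "dos"),    # smurf-like echo replies
    ("icmp", "ecr_i", "SF", "high", "dos"),
    ("tcp", "private", "S0", "mid", "dos"),
]

# Constructed stream to filter; the label is ground truth used only for scoring.
STREAM = [
    ("tcp", "http", "SF", "low", "normal"),
    ("tcp", "private", "S0", "high", "dos"),
    ("icmp", "ecr_i", "SF", "high", "dos"),
    ("udp", "domain_u", "SF", "low", "normal"),
    ("tcp", "http", "SF", "high", "normal"),   # busy web server, not an attack
    ("tcp", "private", "REJ", "high", "dos"),
    ("tcp", "private", "SF", "high", "dos"),
    ("tcp", "smtp", "SF", "low", "normal"),
    ("icmp", "ecr_i", "SF", "low", "dos"),     # low-rate start of a flood
]


class NaiveBayesFilter:
    """Categorical naive Bayes with additive (Laplace) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()
        self.feature_counts = defaultdict(Counter)  # (index, class) -> Counter(value)
        self.feature_values = defaultdict(set)      # index -> observed values

    def fit(self, records):
        for *features, label in records:
            self.class_counts[label] += 1
            for i, value in enumerate(features):
                self.feature_counts[(i, label)][value] += 1
                self.feature_values[i].add(value)
        return self

    def log_posterior(self, features):
        total = sum(self.class_counts.values())
        scores = {}
        for cls, n_cls in self.class_counts.items():
            lp = math.log(n_cls / total)  # class prior
            for i, value in enumerate(features):
                count = self.feature_counts[(i, cls)][value]
                cardinality = len(self.feature_values[i])
                lp += math.log((count + self.alpha) / (n_cls + self.alpha * cardinality))
            scores[cls] = lp
        return scores

    def predict(self, features):
        scores = self.log_posterior(features)
        return max(scores, key=scores.get)


def build_model():
    return NaiveBayesFilter().fit(TRAIN)


def filter_evidence(model, stream, evidence_class="dos"):
    """Keep only records the model flags as DoS evidence; report the trade-off."""
    kept = [r for r in stream if model.predict(r[:-1]) == evidence_class]
    true_dos = sum(1 for r in stream if r[-1] == evidence_class)
    kept_true = sum(1 for r in kept if r[-1] == evidence_class)
    stats = {
        "total": len(stream),
        "kept": len(kept),
        "retained_fraction": len(kept) / len(stream),
        "recall": kept_true / true_dos if true_dos else 0.0,       # evidence not lost
        "precision": kept_true / len(kept) if kept else 0.0,       # storage not wasted
    }
    return kept, stats


if __name__ == "__main__":
    _, s = filter_evidence(build_model(), STREAM)
    print(f"stored {s['kept']}/{s['total']} records "
          f"(retained {s['retained_fraction']:.0%}), "
          f"recall {s['recall']:.2f}, precision {s['precision']:.2f}")
```

On this constructed stream the filter stores 4 of 9 records with no benign traffic retained (precision 1.0), but it drops the low-rate ICMP record that is in fact the start of a flood (recall 0.8). That missed record is the caveat behind "a certain level of forensic accuracy": whatever the filter discards is gone from the evidence store, so the classification threshold and training set should be biased toward keeping borderline attack-like records rather than toward maximum storage savings.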
Acknowledgments
This research was supported in part by the Bureau of Energy, Ministry of Economic Affairs, R.O.C. and Industrial Technology Research Institute.
Cite this article
Cheng, BC., Liao, GT., Huang, HC. et al. Cheetah: a space-efficient HNB-based NFAT approach to supporting network forensics. Ann. Telecommun. 69, 379–389 (2014). https://doi.org/10.1007/s12243-013-0404-5