Forensic Profiling System

  • P. Kahai
  • M. Srinivasan
  • K. Namuduri
  • R. Pendse
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 194)


Hacking and network intrusion incidents are on the increase. However, a major drawback to identifying and apprehending malicious individuals is the lack of efficient attribution mechanisms. This paper proposes a forensic profiling system that accommodates real-time evidence collection as a network feature to address the difficulties involved in collecting evidence against attackers.


Forensic profile intrusion detection alert probe audit trail 


  1. [1]
    J. Barrus and N. Rowe, A distributed autonomous agent network intrusion detection and response system, Proceedings of the Command and Control Research Technology Symposium, pp. 577–586, 1998.Google Scholar
  2. [2]
    A. Chuvakin, FTP Attack Case Study, Part I: The Analysis ( 2002.Google Scholar
  3. [3]
    F. Cuppens, Managing alerts in a multi intrusion detection environment, Proceedings of the Seventeenth Annual Computer Security Applications Conference, 2001.Google Scholar
  4. [4]
    F. Cuppens and A. Miège, Alert correlation in a cooperative intrusion detection framework, Proceedings of the IEEE Symposium on Security and Privacy, 2002.Google Scholar
  5. [5]
    H. Debar and A. Wespi, Aggregation and correlation of intrusion detection alerts, Proceedings of the Fourth International Workshop on Recent Advances in Intrusion Detection, pp. 85–103, 2001.Google Scholar
  6. [6]
    M. Huang, R. Jasper and T. Wicks, A large-scale distributed intrusion detection framework based on attack strategy analysis, Proceedings of First International Workshop on Recent Advances in Intrusion Detection, 1998.Google Scholar
  7. [7]
    C. Kahn, D. Bolinger and D. Schnackenberg, Common Intrusion Detection Framework (, 1998.Google Scholar
  8. [8]
    P. Ning, Y. Cui and D. Reeves, Constructing attack scenarios through correlation of intrusion alerts, Proceedings of the Ninth ACM Conference on Computer Security, 2002.Google Scholar
  9. [9]
    P. Ning, X. Wang and S. Jajodia, A query facility for the common intrusion detection framework, Proceedings of the Twenty-Third National Information Systems Security Conference, pp. 317–328, 2000.Google Scholar
  10. [10]
    P. Ning, X. Wang and S. Jajodia, Abstraction-based intrusion detection in distributed environments, A CM Transactions on Information and System Security, vol. 4(4), pp. 407–452, 2001.CrossRefGoogle Scholar
  11. [11]
    P. Porras and P. Neumann, EMERALD: Event monitoring enabling responses to anomalous live disturbances, Proceedings of the Twentieth National Information Systems Security Conference, pp. 353–365, 1997.Google Scholar
  12. [12]
    K. Shanmugasundaram, N. Memon, A. Savant and H. Bronnimann, ForNet: A distributed forensics network, Proceedings of the Second International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security, 2003.Google Scholar
  13. [13]
    A. Valdes and K. Skinner, Probabilistic alert correlation, Proceedings of the Fourth International Workshop on the Recent Advances in Intrusion Detection, 2001.Google Scholar
  14. [14]
    J. Yang, P. Ning and X. Wang, CARDS: A distributed system for detecting coordinated attacks, Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security, 2000.Google Scholar
  15. [15]
    N. Ye, S. Vilbert and Q. Chen, Computer intrusion detection through EWMA for autocorrelated and uncorrelated data, IEEE Transactions on Reliability, vol. 52(1), pp. 75–81, 2003.CrossRefGoogle Scholar

Copyright information

© International Federation for Information Processing 2006

Authors and Affiliations

  • P. Kahai
  • M. Srinivasan
  • K. Namuduri
  • R. Pendse

There are no affiliations available

Personalised recommendations