Abstract
Network forensics plays an important role in computer security in the modern network environment, but it has become a time-consuming and daunting task because of the sheer amount of data involved. This paper proposes a new method for constructing incremental fuzzy decision trees based on network service type, in order to reduce human intervention and time cost and to improve the comprehensibility of the results. At the end of the paper, we discuss the performance of the forensic system and present the results of the experiments.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Z., Feng, D. (2005). Incremental Fuzzy Decision Tree-Based Network Forensic System. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_148
DOI: https://doi.org/10.1007/11596981_148
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer Science, Computer Science (R0)