Incremental Fuzzy Decision Tree-Based Network Forensic System

  • Conference paper
Computational Intelligence and Security (CIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)

Abstract

Network forensics plays an important role in computer security in the modern network environment, but it has become a time-consuming and daunting task due to the sheer amount of data involved. This paper proposes a new method for constructing incremental fuzzy decision trees based on network service type to reduce human intervention and time-cost, and to improve the comprehensibility of the results. At the end of the paper, we discuss the performance of the forensic system and present the results of experiments.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, Z., Feng, D. (2005). Incremental Fuzzy Decision Tree-Based Network Forensic System. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_148

  • DOI: https://doi.org/10.1007/11596981_148

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer Science, Computer Science (R0)
