
RCNF: Real-time Collaborative Network Forensic Scheme for Evidence Analysis

by Nour Moustafa, et al.

Network forensic techniques help in tracking different types of cyber attack by monitoring and inspecting network traffic. However, given the high speed and large size of current networks and the sophisticated strategies of attackers, in particular mimicking normal behaviour and/or erasing traces to avoid detection, investigating such crimes demands intelligent network forensic techniques. This paper proposes a Real-time Collaborative Network Forensic (RCNF) scheme that can monitor and investigate cyber intrusions. The scheme includes three components: capturing and storing network data, selecting important network features using the chi-square method, and investigating abnormal events using a new technique called correntropy-variation. We provide a case study using the UNSW-NB15 dataset to evaluate the scheme, showing its high performance in terms of accuracy and false alarm rate compared with three recent state-of-the-art mechanisms.

