A Method of Network Forensics Analysis Based on Frequent Sequence Mining
Intrusion detection systems (IDS) frequently produce missed detections and false alarms, so forensic systems that rely on IDS output for evidence are inefficient and yield evidence of low credibility. Frequent sequence mining based on Jpcap is proposed for network forensics analysis. After capturing and filtering network packets, the system mines the data for frequent sequences according to evidence relevance in order to build and update an attack signature database, and then judges, in the network forensics analysis stage, whether the current user's behavior is legitimate. Simulation results show that the frequent sequence mining algorithm can identify new criminal behavior and improve the credibility and efficiency of evidence in network forensics analysis.
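As an added illustration, not code from the paper: a minimal version of the mine-then-judge pipeline the abstract describes, in Python rather than Jpcap/Java. Packet capture and filtering are replaced by constructed per-session event sequences; the relevance rule (keep contiguous sequences that are frequent across offense sessions and never seen in benign sessions), the event names and the `min_support` value are all assumptions.

```python
from collections import Counter

def frequent_sequences(sessions, min_support, max_len=3):
    """Contiguous subsequences of length 2..max_len that occur in at least
    min_support sessions (a session counts once per distinct subsequence)."""
    support = Counter()
    for events in sessions:
        seen = set()
        for n in range(2, max_len + 1):
            for i in range(len(events) - n + 1):
                seen.add(tuple(events[i:i + n]))
        support.update(seen)
    return {seq: c for seq, c in support.items() if c >= min_support}

def build_signature_db(offense_sessions, benign_sessions, min_support):
    """Relevance filter (assumption): a mined sequence becomes a signature only
    if it is frequent in offense traffic and absent from all benign traffic."""
    offense = frequent_sequences(offense_sessions, min_support)
    benign = frequent_sequences(benign_sessions, min_support=1)
    return {seq: c for seq, c in offense.items() if seq not in benign}

def contains(events, seq):
    n = len(seq)
    return any(tuple(events[i:i + n]) == seq for i in range(len(events) - n + 1))

def judge(events, signature_db):
    """Forensics-analysis stage: 'illegal' if any signature occurs in the session."""
    hits = sorted(seq for seq in signature_db if contains(events, seq))
    return ("illegal" if hits else "legal"), hits

# Constructed sample sessions (stand-ins for filtered Jpcap packet streams).
OFFENSE = [
    ["SYN:22", "AUTH_FAIL", "AUTH_FAIL", "AUTH_FAIL", "AUTH_OK", "SHELL"],
    ["SYN:22", "AUTH_FAIL", "AUTH_FAIL", "AUTH_OK", "SHELL"],
    ["SYN:22", "AUTH_FAIL", "AUTH_FAIL", "AUTH_FAIL", "FIN"],
]
BENIGN = [
    ["SYN:22", "AUTH_OK", "SHELL", "FIN"],
    ["SYN:22", "AUTH_FAIL", "AUTH_OK", "SHELL", "FIN"],
    ["SYN:80", "GET", "200", "FIN"],
]
SIGNATURES = build_signature_db(OFFENSE, BENIGN, min_support=2)

if __name__ == "__main__":
    for seq, sup in sorted(SIGNATURES.items()):
        print(sup, seq)
    print(judge(["SYN:22", "AUTH_FAIL", "AUTH_FAIL", "AUTH_OK", "SHELL", "FIN"], SIGNATURES))
```

A single failed login followed by success is mined as benign and therefore does not become a signature; repeated failures do, which is the "new behavior" the database would flag. Rebuilding the database with newly collected offense sessions is the update step.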
Shaobo Zhong, Yimin Cheng and Xilong Qu
X. Y. Zhong "A Method of Network Forensics Analysis Based on Frequent Sequence Mining", Applied Mechanics and Materials, Vols. 50-51, pp. 578-582, 2011