Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult becaus...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2013
|
| Subjects: | |
| Online Access: | http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-usm-ep.43822 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-usm-ep.438222019-04-12T05:26:13Z Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics 2013-06 Mosa, Mohammad Rasmi Hassun QA75.5-76.95 Electronic computers. Computer science The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult because of the overwhelming amount of evidence involved in each case. Thus, current cyber crime investigation techniques are costly and time consuming. In addition, these techniques normally use active and reactive processes to analyze cyber crimes, and such processes start after the cyber crime has been identified, which makes identifying useful evidence difficult. Moreover, the information required to understand and analyze cyber crime factors such as the intention and strategy of the crime are limited. This thesis proposes a new framework to analyze cyber crime evidence. The proposed framework aims to use cyber crime evidence to reconstruct attack intentions and estimate similar attack strategies. The intentions are identified through a new algorithm called Attack Intention Analysis, which predicts cyber crime intentions by combining Dempster-Shafer theory and a causal network. Similar attack strategies have been estimated by using one of the two proposed methods. The first method creates a new model that uses evidence when the intentions for a cyber crime are undetected. This model aims to measure similar evidence between new and pre-existing cyber crime cases to estimate similar strategies. 2013-06 Thesis http://eprints.usm.my/43822/ http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf application/pdf en public phd doctoral Universiti Sains Malaysia Pusat Pengajian Sains Komputer |
| institution |
Universiti Sains Malaysia |
| collection |
USM Institutional Repository |
| language |
English |
| topic |
QA75.5-76.95 Electronic computers Computer science |
| spellingShingle |
QA75.5-76.95 Electronic computers Computer science Mosa, Mohammad Rasmi Hassun Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics |
| description |
The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult because of the overwhelming amount of evidence involved in each case. Thus, current cyber crime investigation techniques are costly and time consuming. In addition, these techniques normally use active and reactive processes to analyze cyber crimes, and such processes start after the cyber crime has been identified, which makes identifying useful evidence difficult. Moreover, the information required to understand and analyze cyber crime factors such as the intention and strategy of the crime are limited.
This thesis proposes a new framework to analyze cyber crime evidence. The proposed framework aims to use cyber crime evidence to reconstruct attack intentions and estimate similar attack strategies. The intentions are identified through a new algorithm called Attack Intention Analysis, which predicts cyber crime intentions by combining Dempster-Shafer theory and a causal network. Similar attack strategies have been estimated by using one of the two proposed methods. The first method creates a new model that uses evidence when the intentions for a cyber crime are undetected. This model aims to measure similar evidence between new and pre-existing cyber crime cases to estimate similar strategies. |
| format |
Thesis |
| qualification_name |
Doctor of Philosophy (PhD.) |
| qualification_level |
Doctorate |
| author |
Mosa, Mohammad Rasmi Hassun |
| author_facet |
Mosa, Mohammad Rasmi Hassun |
| author_sort |
Mosa, Mohammad Rasmi Hassun |
| title |
Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics |
| title_short |
Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics |
| title_full |
Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics |
| title_fullStr |
Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics |
| title_full_unstemmed |
Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics |
| title_sort |
quantitative computational framework for analyzing evidence to identify attack intention and strategy in network forensics |
| granting_institution |
Universiti Sains Malaysia |
| granting_department |
Pusat Pengajian Sains Komputer |
| publishDate |
2013 |
| url |
http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf |
| _version_ |
1747821285427118080 |