Internet Forensics Framework Based-on Clustering
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2013, Vol 4, Issue 12
Abstract
Internet network attacks are complicated and worth studying. These attacks include Denial of Service (DoS). DoS attacks exploit vulnerabilities found in operating systems, network services and applications. An indicator of a DoS attack is that legitimate users cannot access the system. This paper proposes a framework for Internet-based forensic logs that aims to assist the investigation process in revealing DoS attacks. The framework in this study consists of several steps, including logging into a text file and a database, and identifying an attack based on the packet header length. After the identification process, logs are grouped using the k-means clustering algorithm into three levels of attack (dangerous, rather dangerous and not dangerous) based on the port numbers and tcpflags of the packet. Based on the test results, the proposed framework can group attacks into three levels and find the attacker with a success rate of 89,02%, so it can be concluded that the proposed framework meets the goals set in this research.
Authors and Affiliations
Imam Riadi, Jazi Istiyanto, Ahmad Ashari, Subanar