Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics

The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult becaus...

Full description

Saved in:
Bibliographic Details
Main Author: Mosa, Mohammad Rasmi Hassun
Format: Thesis
Language:English
Published: 2013
Subjects:
Online Access:http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-usm-ep.43822
record_format uketd_dc
spelling my-usm-ep.438222019-04-12T05:26:13Z Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics 2013-06 Mosa, Mohammad Rasmi Hassun QA75.5-76.95 Electronic computers. Computer science The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult because of the overwhelming amount of evidence involved in each case. Thus, current cyber crime investigation techniques are costly and time consuming. In addition, these techniques normally use active and reactive processes to analyze cyber crimes, and such processes start after the cyber crime has been identified, which makes identifying useful evidence difficult. Moreover, the information required to understand and analyze cyber crime factors such as the intention and strategy of the crime are limited. This thesis proposes a new framework to analyze cyber crime evidence. The proposed framework aims to use cyber crime evidence to reconstruct attack intentions and estimate similar attack strategies. The intentions are identified through a new algorithm called Attack Intention Analysis, which predicts cyber crime intentions by combining Dempster-Shafer theory and a causal network. Similar attack strategies have been estimated by using one of the two proposed methods. The first method creates a new model that uses evidence when the intentions for a cyber crime are undetected. This model aims to measure similar evidence between new and pre-existing cyber crime cases to estimate similar strategies. 2013-06 Thesis http://eprints.usm.my/43822/ http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf application/pdf en public phd doctoral Universiti Sains Malaysia Pusat Pengajian Sains Komputer
institution Universiti Sains Malaysia
collection USM Institutional Repository
language English
topic QA75.5-76.95 Electronic computers
Computer science
spellingShingle QA75.5-76.95 Electronic computers
Computer science
Mosa, Mohammad Rasmi Hassun
Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
description The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult because of the overwhelming amount of evidence involved in each case. Thus, current cyber crime investigation techniques are costly and time consuming. In addition, these techniques normally use active and reactive processes to analyze cyber crimes, and such processes start after the cyber crime has been identified, which makes identifying useful evidence difficult. Moreover, the information required to understand and analyze cyber crime factors such as the intention and strategy of the crime are limited. This thesis proposes a new framework to analyze cyber crime evidence. The proposed framework aims to use cyber crime evidence to reconstruct attack intentions and estimate similar attack strategies. The intentions are identified through a new algorithm called Attack Intention Analysis, which predicts cyber crime intentions by combining Dempster-Shafer theory and a causal network. Similar attack strategies have been estimated by using one of the two proposed methods. The first method creates a new model that uses evidence when the intentions for a cyber crime are undetected. This model aims to measure similar evidence between new and pre-existing cyber crime cases to estimate similar strategies.
format Thesis
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
author Mosa, Mohammad Rasmi Hassun
author_facet Mosa, Mohammad Rasmi Hassun
author_sort Mosa, Mohammad Rasmi Hassun
title Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
title_short Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
title_full Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
title_fullStr Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
title_full_unstemmed Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics
title_sort quantitative computational framework for analyzing evidence to identify attack intention and strategy in network forensics
granting_institution Universiti Sains Malaysia
granting_department Pusat Pengajian Sains Komputer
publishDate 2013
url http://eprints.usm.my/43822/1/Mohammad%20Rasmi%20Hassun%20Mosa24.pdf
_version_ 1747821285427118080