43,192 research outputs found

    On the Novel Network Forensics Perspective of Enhanced E-Business Security

    E-business security is crucial to the development of e-business. Due to the complexity and characteristics of e-business security, the current approaches for security focus on preventing the network intrusion or misusing in advance and seldom concern of the forensics data requiring for the investigation after the network attack or fraud. We discuss the method for resolving the problem of the e-business security from the different side of view - network forensics approaches – from the thinking of the active protection or defense for the e-business security, which can also improve the ability of emergence response and incident investigation for e-business security. It is also for the first time to systematically discuss the network forensics evidence source, network forensics principles, network forensics functions and network forensics techniques

    Network forensic Log analysis

    Network forensics log analysis is the capturing, recording, and analysis of network events in order to discover the source of security attacks. An investigator needs to back up these recorded data to free up recording media and to preserve the data for future analysis. An investigator needs to perform network forensics process to determine which type of an attack over a network and to trace out the culprit. In the cyber-crime world huge log data, transactional data occurs which tends to plenty of data for storage and analyze them. It is difficult for forensic investigators to keep on playing with time and to find out the clues and analyze those collected data. In network forensic analysis, it involves network traces and detection of attacks. The trace involves an Intrusion Detection System and firewall logs, logs generated by network services and applications, packet captures. Network forensics is a branch of digital forensics that focuses on the monitoring and analysis of network traffic. Unlike other areas of digital forensics that focus on stored or static data, network forensics deals with volatile and dynamic data. It generally has two uses. The first, relating to security, involves detecting anomalous traffic and identifying intrusions. The second use, relating to law enforcement according to the chain of custody rule, involves capturing and analyzing network traffic and can include tasks such as reassembling transferred files. “Stop, look and listen” systems, in which each packet is analysed in a rudimentary way in memory and only certain information saved for current analysis. On this analysis, we propose to archive data using various tools and provide a “unified structure” based on a standard forensic process. This different unified structured IDS data are used to store and preserve in a place, which would be used to present as an evidence in court by the forensic analysis. DOI: 10.17762/ijritcc2321-8169.15053

    A Tensor-Based Forensics Framework for Virtualized Network Functions in the Internet of Things: Utilizing Tensor Algebra in Facilitating More Efficient Network Forensic Investigations

    With the ever-increasing network traffic and Internet connectivity of smart devices, more attack events are being reported. As a result, network forensics remains a topic of ongoing research interest in the Internet of Things (IoT). In this article, we present a novel tensor-based forensics approach for virtualized network functions (VNFs). An event tensor model is proposed to formalize the network events, and then, it is used for effectively updating the core event tensor. We then introduce a similarity tensor model to integrate the core event tensors on the orchestration and management layer in the network function virtualization (NFV) framework. Finally, we present an evidence tensor model for network forensics, where we demonstrate how evidence tensors can be merged

    Packet analysis for network forensics: A comprehensive survey

    Packet analysis is a primary traceback technique in network forensics, which, providing that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic classification and pattern identification capabilities. Considering that not all network information can be used in court, the types of digital evidence that might be admissible are detailed. The properties of both hardware appliances and packet analyzer software are reviewed from the perspective of their potential use in network forensics

    Android Encrypted Network Traffic to Identify User Actions

    Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation. Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions. Nowadays use of mobile apps to communicate with friends. Not only communication purpose it gets information about sensitive topics such as diseases, sexual or religious preferences, etc. Numerous worries have been raised about the capabilities of these portable devices to occupy the privacy of users actually becoming “tracking devices”. Above problem they influence in our work to find solution using machine learning techniques. It is used to protect the content of a packet. Our framework analyzes the network communications and leverages information available in TCP/IP packets like IP addresses and ports, together with other information like the size, the direction, and the timing. Our system, for each app they first pre-process a dataset of network packets labeled with the user actions that originated them, they cluster them in flow typologies that represent recurrent network flows, and finally it analyze them in order to create a training set that will be used to feed a classifier. The trained classifier will then be able to classify new traffic traced. Our approach results shows it accuracy and precision more than 95% for most of the considered actions