Entry Wang:2008:GBA from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Wang:2008:GBA,
  author =       "Wei Wang and Thomas E. Daniels",
  title =        "A Graph Based Approach Toward Network Forensics
                 Analysis",
  journal =      j-TISSEC,
  volume =       "12",
  number =       "1",
  pages =        "4:1--4:??",
  month =        oct,
  year =         "2008",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/1410234.1410238",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Tue Nov 11 15:54:06 MST 2008",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "In this article we develop a novel graph-based
                 approach toward network forensics analysis. Central to
                 our approach is the evidence graph model that
                 facilitates evidence presentation and automated
                 reasoning. Based on the evidence graph, we propose a
                 hierarchical reasoning framework that consists of two
                 levels. Local reasoning aims to infer the functional
                 states of network entities from local observations.
                 Global reasoning aims to identify important entities
                 from the graph structure and extract groups of densely
                 correlated participants in the attack scenario. This
                 article also presents a framework for interactive
                 hypothesis testing, which helps to identify the
                 attacker's nonexplicit attack activities from secondary
                 evidence. We developed a prototype system that
                 implements the techniques discussed. Experimental
                 results on various attack datasets demonstrate that our
                 analysis mechanism achieves good coverage and accuracy
                 in attack group and scenario extraction with less
                 dependence on hard-coded expert knowledge.",
  acknowledgement = ack-nhfb,
  articleno =    "4",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
  keywords =     "evidence graph; hierarchical reasoning; network
                 forensics",
}

Related entries

accuracy, 2(3)295, 11(2)2, 12(2)13, 12(3)17, 13(4)35, 13(4)38, 15(2)7, 15(3)12, 15(4)17, 17(3)12, 18(4)12
achieve, 9(2)181, 11(2)4, 11(4)18, 12(1)6, 13(4)38, 14(1)5, 15(2)7, 16(2)6, 17(2)6, 17(3)12, 18(4)12
activity, 2(1)65, 11(4)20, 12(2)13, 15(4)17, 16(4)14, 17(3)12
aim, 10(3)12, 11(3)13, 13(3)20, 15(3)13, 17(3)12
analysis, 1(1)66, 2(1)34, 2(2)138, 2(3)230, 2(3)332, 4(1)1, 6(4)443, 7(2)175, 7(4)489, 8(3)312, 9(3)292, 9(4)391, 10(1)2, 10(3)9, 10(3)10, 10(3)11, 10(4)2, 10(4)6, 11(2)3, 11(3)13, 11(3)15, 11(4)17, 11(4)18, 11(4)23, 12(2)10, 12(3)16, 13(1)10, 13(3)25, 13(3)26, 13(3)27, 13(4)41, 14(1)6, 14(1)8, 14(1)13, 14(2)15, 14(4)28, 15(3)14, 15(4)17, 15(4)18, 16(1)2, 16(1)4, 16(2)8, 16(3)10, 16(3)11, 16(4)14, 16(4)17, 17(1)1, 17(1)4, 17(2)7, 17(3)9, 17(4)14, 18(1)1, 18(1)4, 18(2)6
approach, 1(1)3, 1(1)26, 2(1)34, 2(2)138, 2(3)269, 2(3)295, 5(2)119, 5(3)203, 6(1)128, 7(3)392, 9(4)391, 9(4)421, 10(1)2, 10(1)4, 10(3)11, 10(3)12, 10(4)4, 11(1)3, 11(3)15, 11(3)16, 11(4)17, 11(4)19, 12(1)1, 12(2)11, 12(3)14, 13(3)20, 13(3)24, 13(4)31, 13(4)35, 13(4)36, 14(1)8, 14(3)23, 14(4)29, 15(1)4, 15(3)12, 15(3)13, 15(4)15, 15(4)17, 15(4)18, 16(2)5, 16(2)7, 16(2)8, 16(4)15, 16(4)16, 17(3)12, 17(4)14, 18(2)5, 18(2)7, 18(3)11
article, 10(1)3, 11(1)3, 11(1)4, 11(2)5, 11(3)12, 11(3)14, 11(3)15, 11(3)16, 11(4)20, 11(4)22, 11(4)23, 12(1)1, 12(1)2, 12(1)6, 12(2)8, 12(2)10, 12(2)13, 12(3)14, 12(3)16, 12(3)17, 12(3)19, 12(4)21, 12(4)22, 13(3)22, 13(3)24, 13(3)25, 13(3)27, 13(3)28, 13(4)29, 13(4)31, 13(4)32, 13(4)34, 13(4)36, 13(4)41, 14(1)2, 14(1)3, 14(1)4, 14(1)10, 14(1)13, 14(1)14, 14(3)23, 14(3)25, 14(4)30, 15(2)9, 15(2)10, 15(3)11, 15(3)12, 15(3)13, 15(4)15, 15(4)16, 15(4)17, 16(1)1, 16(1)4, 16(2)6, 16(2)7, 16(2)8, 16(3)10, 16(4)14, 16(4)15, 17(2)8, 17(3)9, 17(3)11, 17(3)12, 17(4)13, 17(4)16, 18(1)3, 18(2)5, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
attacker, 2(2)159, 8(1)78, 10(1)4, 10(4)3, 10(4)6, 11(3)12, 11(3)15, 12(2)12, 12(3)17, 12(4)22, 13(4)37, 14(1)7, 14(1)13, 14(4)31, 15(1)2, 15(4)16, 17(2)8, 17(3)11, 17(4)13, 17(4)16, 18(1)1, 18(2)7, 18(4)13
automated, 6(1)1, 9(3)352, 10(3)12, 13(1)2, 15(1)3, 15(3)12, 15(4)17, 17(4)14, 18(3)9
based, 1(1)3, 2(1)34, 2(2)177, 2(3)230, 2(3)295, 2(3)332, 3(3)161, 7(2)319, 9(2)162, 9(2)181, 9(4)421, 10(1)2, 10(1)4, 10(2)6, 11(1)3, 11(2)1, 11(2)4, 11(3)12, 11(3)15, 11(4)17, 11(4)18, 12(1)1, 12(2)13, 12(3)16, 12(3)17, 12(3)18, 13(3)24, 13(3)27, 13(3)28, 13(4)29, 13(4)30, 13(4)31, 13(4)41, 14(1)3, 14(1)4, 14(1)8, 14(1)9, 14(1)10, 14(4)30, 15(2)6, 15(2)7, 15(3)13, 16(2)8, 16(4)16, 17(1)3, 17(2)7, 17(3)12, 17(4)13, 17(4)14, 17(4)15, 17(4)16, 18(1)1, 18(1)4, 18(3)10, 18(3)11, 18(4)14
based, graph-, 5(3)332
central, 1(1)93, 9(4)421
coded, hard-, 13(3)20
consist, 2(2)177, 2(4)390, 12(3)18, 13(4)30
correlated, 10(1)4, 18(4)13
coverage, 10(4)6, 16(2)7, 16(4)17
dataset, 10(1)4, 10(4)4, 13(4)32, 15(4)15, 15(4)17, 16(2)8, 16(4)14, 17(3)12, 18(2)7, 18(4)12, 18(4)14
demonstrate, 2(3)295, 10(1)4, 10(4)1, 10(4)4, 10(4)6, 11(1)3, 11(3)16, 11(4)22, 12(3)19, 13(1)10, 13(4)30, 13(4)31, 13(4)38, 14(3)27, 15(1)2, 15(1)4, 15(2)7, 15(3)12, 15(3)13, 15(4)16, 16(3)9, 16(3)10, 17(2)8, 17(3)10, 17(3)12, 17(4)16, 18(2)8, 18(4)12, 18(4)14
develop, 2(2)138, 10(2)8, 10(3)9, 11(3)12, 12(1)6, 12(3)14, 13(3)22, 13(3)27, 14(1)9, 14(4)32, 15(1)3, 15(2)9, 15(2)10, 16(2)7, 16(3)10, 17(1)2
developed, 10(1)4, 10(2)7, 11(3)14, 13(3)26, 13(3)28, 14(1)6, 14(1)13, 15(3)13, 16(4)17, 17(1)3, 18(1)1, 18(2)8
discussed, 10(2)6
entities, 2(2)138, 10(1)2, 10(3)12, 11(1)2, 11(3)14, 12(2)8, 14(3)27
evidence, 12(2)9, 13(3)25, 17(1)2, 17(3)12, 18(1)1, 18(4)14
experimental, 1(1)3, 1(1)26, 10(1)3, 10(1)4, 11(1)3, 11(4)22, 11(4)23, 12(3)16, 13(3)22, 15(3)12, 15(4)16, 16(2)7, 16(3)10, 16(4)17, 18(3)11, 18(4)12
expert, 10(3)10, 15(3)13, 17(3)12
extract, 14(4)32
extraction, 15(2)7
facilitate, 13(4)36, 14(3)23, 15(2)6, 15(3)13
forensic, 2(2)159, 7(3)333, 13(2)15, 15(2)9
framework, 2(3)295, 3(4)227, 6(1)71, 6(3)404, 7(2)175, 8(2)187, 9(2)181, 9(4)391, 10(1)2, 10(3)10, 11(1)3, 11(3)12, 11(4)19, 11(4)20, 12(1)2, 12(1)5, 12(3)19, 12(4)21, 13(3)24, 13(3)28, 14(1)9, 14(1)11, 14(2)21, 14(4)31, 15(2)10, 15(3)12, 15(3)14, 15(4)17, 16(1)2, 16(3)9, 16(4)15, 16(4)17, 17(1)3, 17(2)5, 17(2)7, 17(3)11, 17(3)12, 17(4)13, 17(4)14, 17(4)15, 18(1)4, 18(3)10, 18(4)12
functional, 10(4)2, 10(4)3, 15(1)3
global, 11(3)15, 12(2)8, 18(2)6, 18(4)12
good, 11(4)18, 12(1)2, 12(3)17, 13(4)32, 13(4)38, 15(4)17, 18(1)1, 18(1)2
graph, 2(1)3, 2(1)105, 10(4)1, 11(3)13, 12(3)18, 15(4)18, 17(3)11, 18(4)12
graph-based, 5(3)332
group, 1(1)66, 2(4)354, 3(3)136, 4(3)289, 4(4)371, 6(4)547, 7(1)60, 7(3)457, 7(4)523, 10(3)10, 11(1)3, 11(4)18, 11(4)23, 13(4)34, 14(1)4, 14(3)23, 14(4)28, 16(1)4, 17(1)4
hard-coded, 13(3)20
help, 10(4)1, 12(1)2, 13(1)10, 13(4)40, 15(2)6, 18(1)1
hierarchical, 10(4)2, 12(3)18, 14(1)3
identify, 11(2)2, 11(3)12, 11(3)15, 11(3)16, 11(4)18, 11(4)20, 12(4)20, 12(4)22, 13(4)35, 14(1)13, 15(4)18, 16(2)7, 17(4)13, 18(4)13
implement, 2(2)177, 9(4)461, 11(1)3, 11(3)14, 11(3)16, 12(2)13, 14(1)6, 14(1)10, 14(3)24, 14(4)31, 15(2)6, 16(2)6, 16(2)8, 16(3)10, 16(4)14, 17(2)6, 17(3)10
important, 1(1)3, 1(1)66, 2(3)295, 10(2)8, 11(3)14, 11(4)18, 11(4)20, 13(3)26, 13(3)27, 13(4)36, 14(4)28, 15(3)12, 15(4)18, 16(1)4, 17(3)11
infer, 15(4)15, 17(1)2, 18(1)1
knowledge, 10(3)12, 11(2)2, 11(3)15, 12(1)3, 12(2)11, 13(4)35, 15(3)14, 17(1)2, 17(3)9, 18(4)12
less, 12(1)1, 13(3)25, 13(4)29, 17(3)10, 17(3)11
level, 2(1)34, 2(3)269, 2(3)332, 10(1)2, 10(1)4, 11(4)18, 12(2)8, 12(4)22, 15(2)7, 15(3)12
local, 2(1)34, 2(3)269, 11(2)2, 12(3)17, 14(3)25, 14(4)31, 18(2)6, 18(2)8, 18(4)12
mechanism, 2(2)177, 3(1)51, 10(2)8, 10(4)4, 10(4)6, 11(2)5, 11(3)12, 11(3)16, 12(2)9, 12(2)11, 12(2)13, 12(3)15, 12(3)19, 12(4)22, 13(3)21, 13(3)24, 13(3)25, 13(3)28, 13(4)29, 14(1)3, 14(1)11, 14(3)24, 14(3)27, 15(1)5, 15(2)6, 15(2)10, 16(1)3, 16(2)5, 16(3)12, 17(1)3, 17(2)5, 17(3)10, 18(4)14
novel, 2(3)269, 9(4)461, 10(1)4, 10(3)12, 11(1)2, 11(1)3, 11(2)2, 11(4)18, 11(4)19, 12(3)16, 14(1)5, 15(1)4, 16(1)1, 16(4)16, 17(1)2, 17(3)9, 17(4)14, 18(1)4, 18(4)12
observation, 2(1)34, 2(3)295, 11(2)4, 13(1)10, 18(1)4
participant, 10(2)7, 10(3)10, 14(4)28, 18(4)13
present, 1(1)26, 2(1)3, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(3)295, 2(4)354, 7(2)319, 9(2)181, 9(4)461, 10(1)2, 10(2)7, 10(3)10, 10(3)11, 10(3)12, 10(4)2, 10(4)3, 11(1)2, 11(1)4, 11(2)2, 11(2)5, 11(3)14, 11(4)22, 12(1)2, 12(2)10, 12(2)11, 12(3)14, 12(3)15, 12(3)16, 12(3)17, 12(4)22, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(3)28, 13(4)29, 13(4)41, 14(1)4, 14(1)5, 14(1)6, 15(1)2, 15(2)6, 15(2)8, 15(2)10, 15(3)12, 15(3)13, 15(4)16, 15(4)18, 16(2)6, 16(2)7, 16(4)13, 16(4)14, 17(1)4, 17(2)6, 17(2)7, 17(2)8, 17(3)9, 17(3)12, 17(4)14, 17(4)15, 17(4)16, 18(1)3, 18(1)4, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
propose, 1(1)26, 2(1)65, 2(2)138, 2(3)269, 9(2)162, 9(4)391, 9(4)421, 10(1)3, 10(1)4, 10(3)12, 10(4)1, 10(4)3, 10(4)4, 10(4)6, 11(1)3, 11(1)4, 11(3)12, 11(3)15, 11(4)18, 11(4)19, 11(4)23, 12(2)8, 12(2)11, 12(2)13, 12(3)18, 13(3)28, 13(4)32, 13(4)36, 13(4)40, 13(4)41, 14(1)5, 14(1)10, 14(1)11, 14(3)24, 14(3)26, 14(4)30, 15(2)7, 15(4)17, 16(1)2, 16(4)15, 16(4)16, 17(1)1, 17(3)10, 17(3)11, 17(3)12, 17(4)13, 17(4)14, 18(1)2, 18(2)7
prototype, 1(1)3, 2(1)34, 10(1)4, 10(4)4, 11(1)2, 11(1)3, 11(4)18, 12(2)13, 13(4)30, 14(1)3, 16(1)1, 16(2)6, 17(2)5
reasoning, 2(3)332, 6(1)71, 7(4)591, 11(3)12, 12(1)5, 13(3)20, 14(1)8, 14(2)16
result, 1(1)3, 1(1)26, 2(3)230, 2(4)390, 9(2)162, 10(1)3, 10(1)4, 10(2)5, 10(2)6, 10(3)9, 10(3)11, 10(4)2, 10(4)5, 11(2)3, 11(2)5, 11(3)13, 11(3)15, 11(4)18, 11(4)20, 11(4)21, 11(4)22, 12(2)9, 12(3)14, 12(3)17, 13(1)10, 13(3)22, 13(3)24, 13(3)25, 13(4)33, 13(4)35, 14(1)2, 14(1)14, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(3)13, 15(3)14, 15(4)15, 16(1)2, 16(1)3, 16(2)5, 16(2)6, 16(2)7, 16(3)10, 16(3)11, 16(4)14, 16(4)17, 17(2)7, 17(3)9, 17(3)10, 17(3)12, 17(4)14, 18(1)4, 18(2)5, 18(2)6, 18(3)9, 18(3)11, 18(4)12, 18(4)13
scenario, 2(3)230, 11(2)6, 11(4)19, 12(1)2, 12(3)16, 13(3)22, 14(3)25, 15(1)4, 17(3)9, 17(4)16
state, 1(1)93, 2(2)177, 10(2)5, 12(1)5, 12(2)8, 12(4)20, 13(1)10, 13(3)20, 14(1)6, 14(1)10, 14(1)13, 14(4)32, 16(1)3, 17(2)7, 18(1)3, 18(1)4
structure, 2(4)354, 9(2)113, 9(4)421, 10(3)11, 12(3)15, 13(4)32, 14(1)4, 15(4)17, 18(2)8
technique, 1(1)3, 2(2)138, 2(3)230, 2(3)295, 2(4)416, 7(2)274, 9(4)391, 9(4)461, 10(2)6, 10(3)9, 10(4)6, 11(2)2, 11(3)12, 11(3)16, 11(4)17, 11(4)18, 11(4)22, 12(2)11, 12(2)13, 12(3)16, 12(3)18, 13(3)22, 13(3)25, 13(3)28, 13(4)32, 13(4)33, 13(4)35, 13(4)36, 13(4)39, 14(1)3, 14(1)5, 14(1)6, 14(1)13, 14(3)24, 14(4)32, 15(1)2, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(4)17, 15(4)18, 16(1)2, 16(2)6, 16(2)7, 16(3)11, 16(4)13, 16(4)14, 17(3)9, 17(3)12, 17(4)16, 18(1)2, 18(2)6, 18(3)11
testing, 3(4)262, 12(3)14, 13(3)26, 15(1)3, 16(2)8, 17(2)5
toward, 10(1)2, 10(4)4, 11(1)3, 15(2)7, 17(2)6, 18(4)14
two, 1(1)26, 2(4)416, 9(4)391, 10(1)4, 10(2)6, 10(2)8, 10(3)10, 10(4)4, 11(2)1, 11(2)4, 11(2)6, 11(3)13, 11(4)22, 12(1)2, 12(1)3, 12(1)6, 12(3)14, 12(4)20, 13(3)22, 13(3)27, 13(4)40, 14(1)4, 14(1)5, 14(4)30, 15(1)2, 15(1)5, 15(2)6, 15(3)11, 15(3)12, 16(1)1, 16(1)2, 16(1)4, 16(3)9, 16(3)10, 16(4)15, 17(4)13, 18(2)5, 18(4)12, 18(4)13, 18(4)14
various, 10(1)3, 10(3)11, 10(4)2, 11(1)3, 11(2)3, 11(2)6, 11(3)14, 11(3)15, 13(4)35, 14(1)13, 14(4)28, 18(1)1, 18(2)5