Network Forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the facts of attacks and other problem incidents, as well as performing the actions needed to recover from the attack. Many systems have been proposed for designing network forensic systems. In this paper we have prepared a comparative analysis of various models based on different techniques.
Network security using data mining concepts - Jaideep Ghosh
Network Security is a major part of a network that needs to be maintained because information is being passed between computers etc. and is very vulnerable to attack.
Data Mining is the process of extraction of required/specific information from data in database.
Data mining is integrated with network security and can be used with various security tools as well as hacking tools.
The document discusses various aspects of network forensics and investigating logs. It covers analyzing log files as evidence, maintaining accurate timekeeping across systems, configuring extended logging in IIS servers, and the importance of log file accuracy and authenticity when using logs as evidence in an investigation.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... - IJNSA Journal
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... - ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware, such as a Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attacks. The frequency data is extracted from the time-series data created by the traffic flow using the Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms, which further detects known and unknown attack signatures in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another, and also detects known attack signatures and unknown attacks. This approach is tested by running artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
Network forensics is the capture, recording, and analysis of network events and traffic in order to discover the source of security attacks or other problem incidents. It involves systematically capturing and analyzing network traffic and events to trace and prove a network security incident. Network forensics provides crucial network-based evidence that can be used to successfully prosecute criminals. It is a difficult process that depends on maintaining high-quality network information.
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems - Editor IJCATR
Due to the extensive growth of the Internet and the increasing availability of tools and methods for intruding on and attacking networks, intrusion detection has become a critical component of network security parameters. The TCP/IP protocol suite is the de facto standard for communication on the Internet. The underlying vulnerabilities in the protocols are the root cause of intrusions. Therefore an intrusion detection system becomes an important element in network security that controls real-time data and leads to a huge dimensional problem. Processing a large number of packets and data in real time is very difficult and costly. Therefore data preprocessing is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on two important aspects of intrusion detection: one is accuracy and the other is performance. The layered approach of the TCP/IP model can be applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack detection accuracy can be achieved by using a layered approach for data preprocessing on the Internet. To reduce the false positive rate and to increase the efficiency of detection, the paper proposes a framework for preprocessing in an intrusion prevention system. We experimented with real-time network traffic as well as the KDDcup99 dataset for our research.
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI... - IJNSA Journal
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased; attackers continuously find vulnerabilities at various levels, from the network itself to the operating system and applications, and exploit them to crack systems and services. Network defence and network monitoring have become an essential component of computer security to predict and prevent attacks. Unlike a traditional Intrusion Detection System (IDS), an Intrusion Detection and Prevention System (IDPS) has additional features to secure computer networks.
In this paper, we present a detailed study of how deployment of an IDPS plays a key role in its performance and the ability to detect and prevent known as well as unknown attacks. We categorize IDPS based on deployment as Network-based, host-based, and Perimeter-based and Hybrid. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level to give better performance in terms of reduced rate of false positives and accurate detection and prevention.
IJCER (www.ijceronline.com) International Journal of computational Engineerin... - ijceronline
The document proposes a signature-based intrusion detection system using multithreading. It captures network packets and analyzes them for intrusions by comparing signatures to databases of known attacks. A multithreaded design is suggested to improve performance by processing packets in parallel threads. Agents would be deployed on the network with detection modules that use caching of frequent signatures to speed up analysis. An update module would transfer new frequent signatures to the caches.
This document summarizes a study on digital forensics. It discusses the tools used in digital forensics including DriveSpy and Forensic Tool Kit (FTK). It outlines the digital evidence collection process as: 1) Identify systems involved and likely relevant evidence, 2) Collect, observe and preserve evidence following order of volatility, 3) Analyze, identify and rebuild evidence while verifying results. Common reasons for needing digital forensics are discussed like unauthorized access, denial of service attacks, and virus/worm/Trojan attacks. Strategies for computer forensics include preserving evidence without altering it, authenticating recovered evidence, and analyzing without modification. Tools like EnCase are also summarized that perform functions like data acquisition
- An Efficient Classification Mechanism For Network Intrusion Detection System Based on Data Mining Techniques: A Survey. Subaira A. S. and Anitha P.
- Automated Biometric Verification: A Survey on Multimodal Biometrics. Rupali L. Telgad, Almas M. N. Siddiqui and Dr. Prapti D. Deshmukh
- Design and Implementation of Intelligence Car Parking Systems. Ogunlere Samson, Maitanmi Olusola and Gregory Onwodi
- Intrusion Detection Techniques for Mobile Ad Hoc and Wireless Sensor Networks. Rakesh Sharma, V. A. Athavale and Pinki Sharma
- Performance Evaluation of Sentiment Mining Classifiers on Balanced and Imbalanced Dataset. G. Vinodhini and R. M. Chandrasekaran
- Demosaicing and Super-resolution for Color Filter Array via Residual Image Reconstruction and Sparse Representation. Jie Yin, Guangling Sun and Xiaofei Zhou
- Determining Weight of Known Evaluation Criteria in the Field of Mehr Housing using ANP Approach. Saeed Safari, Mohammad Shojaee, Mohammad Tavakolian and Majid Assarian
- Application of the Collaboration Facets of the Reference Model in Design Science Paradigm. Lukasz Ostrowski and Markus Helfert
- Personalizing Education News Articles Using Interest Term and Category Based Recommender Approaches
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
A Study on Data Mining Based Intrusion Detection System - AM Publications
In recent years security has remained a concern for computers as well as data network systems. An intrusion detection system is used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to an intrusion detection system to detect normal and abnormal behavior patterns. This paper studies the nature of network attacks and the current trends of data mining based intrusion detection techniques.
Analysis and Design for Intrusion Detection System Based on Data Mining - Pritesh Ranjan
This document discusses using data mining techniques to improve intrusion detection systems (IDS). It begins by introducing computer network risks and limitations of existing IDS approaches. It then discusses using data mining algorithms like ID3, k-means clustering, and Apriori pattern mining within a hybrid IDS framework. The framework includes sensors to collect host and network data, a data warehouse for storage, and an analysis engine using misuse detection, anomaly detection and data mining algorithms to detect intrusions. It concludes that data mining allows IDS to detect both known and unknown attacks more efficiently.
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS... - IJNSA Journal
In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect a sensor network from external attacks, an intrusion detection system needs to be introduced. Though an intrusion prevention mechanism is one of the major and efficient methods against attacks, there might be some attacks for which a prevention method is not known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information related to the attack technique and helps in the development of an intrusion prevention system. In addition to reviewing the present attacks on wireless sensor networks, this paper examines the current efforts on intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we followed a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to a large geographical area, and we use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy based detection mechanism as well as intrusion response together with the GSM cell concept for the intrusion detection architecture.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORT - IJMIT JOURNAL
This document proposes an intrusion detection system using customized rules for the Snort tool to improve security. The system uses Wireshark to scan network traffic for anomalies, Snort to detect attacks using customized rulesets for faster response times, and Wazuh and Splunk to analyze log files. Rules are created using the Snorpy tool and added to Snort to monitor for specific attacks like ICMP ping impersonation and authentication attempts. When attacks are attempted, the system successfully detects them and logs the alerts. The integration of these tools provides low-cost intrusion detection capabilities with automated threat identification and faster response compared to existing Snort configurations.
This document summarizes a proposed network attack alerting system that aims to reduce the large number of alerts generated by intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack attacking tools on a virtual network lab environment. Well-known open source security tools on the Security Onion Linux distribution are used to generate alerts. The system defines rules to identify important alert types and stores alerts in a database. It aims to eliminate redundant alerts for the same attack by analyzing attributes like source/destination IP and port. Alert severity levels are defined using threshold counts and times to classify alerts and help administrators respond appropriately.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... - IJNSA Journal
Due to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. So it is critical to protect networks from attackers, and intrusion detection technology has become popular. Therefore, it is necessary that this security concern be articulated right from the beginning of network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of the security policy. A lot of work has been done in the detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detection.
This document describes a proposed artificial neural network based intrusion detection system. It uses a multilayer perceptron neural network architecture trained on the KDD Cup 99 intrusion detection dataset. The system monitors network traffic in real-time, extracts features from network packets, and classifies the traffic into six categories using the neural network. It is able to detect both known and unknown attacks. The system aims to improve upon traditional signature-based intrusion detection systems.
Intrusion Detection Systems By Anomaly-Based Using Neural Network - IOSR Journals
To improve network security, different steps have been taken as the size and importance of networks increase day by day, and with them the chances of network attacks. A network is mainly attacked by some intrusions that are identified by a network intrusion detection system. These intrusions are mainly present in data packets, and each packet has to be scanned for their detection. This paper works to develop an intrusion detection system which utilizes the identity and signature of the intrusion for identifying different kinds of intrusions. A network intrusion detection system needs to be efficient enough that the chance of false alarm generation is low, a false alarm meaning that something is identified as an intrusion when it is actually not an intrusion. The result obtained after analyzing this system is quite good, with nearly 90% of true alarms generated. It detects intrusions for various services like DoS, SSH, etc. by neural network.
A Modular Approach To Intrusion Detection in Homogenous Wireless Network - IOSR Journals
This document discusses a modular approach to intrusion detection in homogeneous wireless networks. It begins by introducing wireless networks and the need for intrusion detection systems (IDS) due to security vulnerabilities. It then discusses different types of IDS, including signature-based detection that identifies known attacks, and anomaly-based detection that identifies deviations from normal behavior but can result in high false positives. The document proposes a modular approach combining advantages of signature-based and anomaly-based detection for high detection rates and low false positives. Requirements for IDS in wireless networks are also outlined.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... - IJNSA Journal
With the ever increasing number and diverse type of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure the data and services offered by them to be more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using the layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once the attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that the layered CRFs can thus be more effective in detecting intrusions when compared with the other previously known techniques.
Survey on Host and Network Based Intrusion Detection System - Eswar Publications
With the invention of new technologies and devices, intrusion has become an area of concern because of security issues in the ever growing area of cyber-attack. An intrusion detection system (IDS) is defined as a device or software application which monitors system or network activities for malicious activities or policy violations. It produces reports to a management station [1]. In this paper we are mainly focused on different IDS concepts based on host and network systems.
In recent years, wireless sensor networks (WSN) have been used in several application areas such as monitoring, tracking, and control in the IoT. For several applications of WSN, security is a crucial requirement. However, security solutions in WSN differ from those of traditional networks because of resource limitations and processing constraints. This paper analyzes security solutions in WSN: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is considered to be helpful for security designers in WSNs.
Optimized Intrusion Detection System using Deep Learning Algorithm - ijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of the forwarding and control planes by introducing a new independent plane called the network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
This document discusses securing healthcare networks against cyber attacks. It proposes using intrusion detection systems to continuously monitor networks, firewalls to ensure endpoint devices comply with security policies, and biometrics for identity-based network access control. This would help protect patient privacy by safeguarding electronic health records and enhancing the security of hospital networks. The growing adoption of electronic records and devices in healthcare has increased risks of attacks that could intercept patient data or take over entire hospital networks. Strong network security measures are needed to address these risks.
Detecting Anomaly IDS in Network using Bayesian Network - IOSR Journals
In a hostile area of a network, it is a severe challenge to protect the sink, developing flexible and adaptive security oriented approaches against malicious activities. Intrusion detection is the act of detecting and monitoring unwanted activity and traffic on a network or a device which violates the security policy. This paper begins with a review of the most well-known anomaly based intrusion detection techniques. AIDS is a system for detecting computer intrusions, a type of misuse that falls out of normal operation, by monitoring system activity and classifying it as either normal or anomalous. It is based on a Machine Learning AIDS scheme model that allows the attacks analyzed to be categorized and finds probabilistic relationships among attacks using a Bayesian network.
A Review Of Intrusion Detection System In Computer Network - Audrey Britton
This document provides an overview of intrusion detection systems (IDS) and the techniques used to implement them. It discusses that IDS are used to detect malicious actions on computer networks and protect important files and documents. The document then summarizes that IDS have four main components - sensors to monitor the system, a database to store event information, an analysis module to detect potential threats, and a response module to address detected threats. It also categorizes IDS based on the data source, detection approach, structure, and how intrusions are detected. Finally, the document outlines various techniques used in IDS, including artificial intelligence methods like neural networks, fuzzy logic, genetic algorithms and machine learning approaches.
AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM - IJNSA Journal
Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations. But secured data communication over the internet and any other network is always under threat of intrusions and misuse. So Intrusion Detection Systems have become a needful component in terms of computer and network security. There are various approaches being utilized in intrusion detection, but unfortunately none of the systems so far is completely flawless. So, the quest for betterment continues. In this progression, here we present an Intrusion Detection System (IDS) that applies a genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for the GA are discussed in detail and implemented. This approach uses evolution theory to information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
International Journal of Engineering Research and Development (IJERD) - IJERD Editor
Due to the availability of the internet and the evolution of embedded devices, the Internet of Things can usefully contribute to the energy domain. The Internet of Things (IoT) will deliver a smarter grid to enable more information and connectivity throughout the infrastructure and to homes. Through the IoT, consumers, manufacturers and utility providers will come across new ways to manage devices and ultimately conserve resources and save money by using smart meters, home gateways, smart plugs and connected appliances. In the future smart home, various devices will be able to measure and share their energy consumption, and actively participate in house-wide or building-wide energy management systems. This paper discusses the different approaches being taken worldwide to connect the smart grid. Full system solutions can be developed by combining hardware and software to address some of the challenges in building a smarter and more connected smart grid.
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
In the era of computing technology, Internet of Things (IoT) devices are now popular in each and every domains like e-governance, e-Health, e-Home, e-Commerce, and e-Trafficking etc. Iot is spreading from small to large applications in all fields like Smart Cities, Smart Grids, Smart Transportation. As on one side IoT provide facilities and services for the society. On the other hand, IoT security is also a crucial issues.IoT security is an area which totally concerned for giving security to connected devices and networks in the IoT .As, IoT is vast area with usability, performance, security, and reliability as a major challenges in it. The growth of the IoT is exponentially increases as driven by market pressures, which proportionally increases the security threats involved in IoT The relationship between the security and billions of devices connecting to the Internet cannot be described with existing mathematical methods. In this paper, we explore the opportunities possible in the IoT with security threats and challenges associated with it.
In today’s emerging world of Internet, each and every thing is supposed to be in connected mode with the help of billions of smart devices. By connecting all the devises used in our day to day life, make our life trouble less and easy. We are incorporated in a world where we are used to have smart phones, smart cars, smart gadgets, smart homes and smart cities. Different institutes and researchers are working for creating a smart world for us but real question which we need to emphasis on is how to make dumb devises talk with uncommon hardware and communication technology. For the same what kind of mechanism to use with various protocols and less human interaction. The purpose is to provide the key area for application of IoT and a platform on which various devices having different mechanism and protocols can communicate with an integrated architecture.
Study on Issues in Managing and Protecting Data of IOTijsrd.com
This paper discusses variety of issues for preserving and managing data produced by IoT. Every second large amount of data are added or updated in the IoT databases across the heterogeneous environment. While managing the data each phase of data processing for IoT data is exigent like storing data, querying, indexing, transaction management and failure handling. We also refer to the problem of data integration and protection as data requires to be fit in single layout and travel securely as they arrive in the pool from diversified sources in different structure. Finally, we confer a standardized pathway to manage and to defend data in consistent manner.
Interactive Technologies for Improving Quality of Education to Build Collabor...ijsrd.com
Today with advancement in Information Communication Technology (ICT) the way the education is being delivered is seeing a paradigm shift from boring classroom lectures to interactive applications such as 2-D and 3-D learning content, animations, live videos, response systems, interactive panels, education games, virtual laboratories and collaborative research (data gathering and analysis) etc. Engineering is emerging with more innovative solutions in the field of education and bringing out their innovative products to improve education delivery. The academic institutes which were once hesitant to use such technology are now looking forward to such innovations. They are adopting the new ways as they are realizing the vast benefits of using such methods and technology. The benefits are better comprehensibility, improved learning efficiency of students, and access to vast knowledge resources, geographical reach, quick feedback, accountability and quality research. This paper focuses on how engineering can leverage the latest technology and build a collaborative learning environment which can then be integrated with the national e-learning grid.
Internet of Things - Paradigm Shift of Future Internet Application for Specia...ijsrd.com
In the world more than 15% people are living with disability that also include children below age of 10 years. Due to lack of independent support services specially abled (handicap) people overly rely on other people for their basic needs, that excludes them from being financially and socially active. The Internet of Things (IoT) can give support system and a better quality of life as well as participation in routine and day to day life. For this purpose, the future solutions for current problems has been introduced in this paper. Daunting challenges have been considered as future research and glimpse of the IoT for specially abled person is given in the paper.
A Study of the Adverse Effects of IoT on Student's Lifeijsrd.com
Internet of things (IoT) is the most powerful invention and if used in the positive direction, internet can prove to be very productive. But, now a days, due to the social networking sites such as Face book, WhatsApp, twitter, hike etc. internet is producing adverse effects on the student life, especially those students studying at college Level. As it is rightly said, something which has some positive effects also has some of the negative effects on the other hand. In this article, we are discussing some adverse effects of IoT on student’s life.
Pedagogy for Effective use of ICT in English Language Learningijsrd.com
The use of information and communications technology (ICT) in education is a relatively new phenomenon and it has been the educational researchers' focus of attention for more than two decades. Educators and researchers examine the challenges of using ICT and think of new ways to integrate ICT into the curriculum. However, there are some barriers for the teachers that prevent them to use ICT in the classroom and develop supporting materials through ICT. The purpose of this study is to examine the high school English teachers’ perceptions of the factors discouraging teachers to use ICT in the classroom.
In recent years usage of private vehicles create urban traffic more and more crowded. As result traffic becomes one of the important problems in big cities in all over the world. Some of the traffic concerns are traffic jam and accidents which have caused a huge waste of time, more fuel consumption and more pollution. Time is very important parameter in routine life. The main problem faced by the people is real time routing. Our solution Virtual Eye will provide the current updates as in the real time scenario of the specific route. This research paper presents smart traffic navigation system, based on Internet of Things, which is featured by low cost, high compatibility, easy to upgrade, to replace traditional traffic management system and the proposed system can improve road traffic tremendously.
Ontological Model of Educational Programs in Computer Science (Bachelor and M...ijsrd.com
In this work there is illustrated an ontological model of educational programs in computer science for bachelor and master degrees in Computer science and for master educational program “Computer science as second competence†by Tempus project PROMIS.
Understanding IoT Management for Smart Refrigeratorijsrd.com
1) The document discusses a proposed design for an intelligent refrigerator that leverages sensor technology and wireless communication to identify food items and order more through an internet connection when supplies are low.
2) Key aspects of the proposal include using RFID to uniquely identify each food item, storing item and usage data in an XML database, monitoring usage patterns to determine reordering needs, and executing orders through an online retailer using stored payment details.
3) Security and privacy concerns with such an internet-connected refrigerator are discussed, such as potential hacking of personal information or unauthorized device control. The proposal aims to minimize human interaction for household management.
DESIGN AND ANALYSIS OF DOUBLE WISHBONE SUSPENSION SYSTEM USING FINITE ELEMENT...ijsrd.com
Double wishbone designs allow the engineer to carefully control the motion of the wheel throughout suspension travel. 3-D model of the Lower Wishbone Arm is prepared by using CAD software for modal and stress analysis. The forces and moments are used as the boundary conditions for finite element model of the wishbone arm. By using these boundary conditions static analysis is carried out. Then making the load as a function of time; quasi-static analysis of the wishbone arm is carried out. A finite element based optimization is used to optimize the design of lower wishbone arm. Topology optimization and material optimization techniques are used to optimize lower wishbone arm design.
A Review: Microwave Energy for materials processingijsrd.com
Microwave energy is a latest largest growing technique for material processing. This paper presents a review of microwave technologies used for material processing and its use for industrial applications. Advantages in using microwave energy for processing material include rapid heating, high heating efficiency, heating uniformity and clean energy. The microwave heating has various characteristics and due to which it has been become popular for heating low temperature applications to high temperature applications. In recent years this novel technique has been successfully utilized for the processing of metallic materials. Many researchers have reported microwave energy for sintering, joining and cladding of metallic materials. The aim of this paper is to show the use of microwave energy not only for non-metallic materials but also the metallic materials. The ability to process metals with microwave could assist in the manufacturing of high performance metal parts desired in many industries, for example in automotive and aeronautical industries.
Web Usage Mining: A Survey on User's Navigation Pattern from Web Logsijsrd.com
With an expontial growth of World Wide Web, there are so many information overloaded and it became hard to find out data according to need. Web usage mining is a part of web mining, which deal with automatic discovery of user navigation pattern from web log. This paper presents an overview of web mining and also provide navigation pattern from classification and clustering algorithm for web usage mining. Web usage mining contain three important task namely data preprocessing, pattern discovery and pattern analysis based on discovered pattern. And also contain the comparative study of web mining techniques.
APPLICATION OF STATCOM to IMPROVED DYNAMIC PERFORMANCE OF POWER SYSTEMijsrd.com
Application of FACTS controller called Static Synchronous Compensator STATCOM to improve the performance of power grid with Wind Farms is investigated .The essential feature of the STATCOM is that it has the ability to absorb or inject fastly the reactive power with power grid . Therefore the voltage regulation of the power grid with STATCOM FACTS device is achieved. Moreover restoring the stability of the power system having wind farm after occurring severe disturbance such as faults or wind farm mechanical power variation is obtained with STATCOM controller . The dynamic model of the power system having wind farm controlled by proposed STATCOM is developed . To validate the powerful of the STATCOM FACTS controller, the studied power system is simulated and subjected to different severe disturbances. The results prove the effectiveness of the proposed STATCOM controller in terms of fast damping the power system oscillations and restoring the power system stability.
Making model of dual axis solar tracking with Maximum Power Point Trackingijsrd.com
Now a days solar harvesting is more popular. As the popularity become higher the material quality and solar tracking methods are more improved. There are several factors affecting the solar system. Major influence on solar cell, intensity of source radiation and storage techniques The materials used in solar cell manufacturing limit the efficiency of solar cell. This makes it particularly difficult to make considerable improvements in the performance of the cell, and hence restricts the efficiency of the overall collection process. Therefore, the most attainable maximum power point tracking method of improving the performance of solar power collection is to increase the mean intensity of radiation received from the source used. The purposed of tracking system controls elevation and orientation angles of solar panels such that the panels always maintain perpendicular to the sunlight. The measured variables of our automatic system were compared with those of a fixed angle PV system. As a result of the experiment, the voltage generated by the proposed tracking system has an overall of about 28.11% more than the fixed angle PV system. There are three major approaches for maximizing power extraction in medium and large scale systems. They are sun tracking, maximum power point (MPP) tracking or both.
A REVIEW PAPER ON PERFORMANCE AND EMISSION TEST OF 4 STROKE DIESEL ENGINE USI...ijsrd.com
This document summarizes a review paper on performance and emission testing of a 4-stroke diesel engine using ethanol-diesel blends at different pressures. The paper reviews several previous studies that tested blends of 5-30% ethanol mixed with diesel fuel. The studies found that a 10-20% ethanol blend can improve brake thermal efficiency compared to pure diesel, while also reducing emissions like NOx and smoke. Higher ethanol blends required advancing the injection timing to allow the engine to run. Ethanol-diesel blends were found to have lower density, viscosity, pour point and higher flash point compared to pure diesel. Overall, ethanol shows potential as a renewable fuel to improve engine performance and reduce emissions when blended with diesel
Study and Review on Various Current Comparatorsijsrd.com
This paper presents study and review on various current comparators. It also describes low voltage current comparator using flipped voltage follower (FVF) to obtain the single supply voltage. This circuit has short propagation delay and occupies a small chip area as compare to other current comparators. The results of this circuit has obtained using PSpice simulator for 0.18 μm CMOS technology and a comparison has been performed with its non FVF counterpart to contrast its effectiveness, simplicity, compactness and low power consumption.
Reducing Silicon Real Estate and Switching Activity Using Low Power Test Patt...ijsrd.com
Power dissipation is a challenging problem for today's system-on-chip design and test. This paper presents a novel architecture which generates the test patterns with reduced switching activities; it has the advantage of low test power and low hardware overhead. The proposed LP-TPG (test pattern generator) structure consists of modified low power linear feedback shift register (LP-LFSR), m-bit counter, gray counter, NOR-gate structure and XOR-array. The seed generated from LP-LFSR is EXCLUSIVE-OR ed with the data generated from gray code generator. The XOR result of the sequence is single input changing (SIC) sequence, in turn reduces the switching activity and so power dissipation will be very less. The proposed architecture is simulated using Modelsim and synthesized using Xilinx ISE9.2.The Xilinx chip scope tool will be used to test the logic running on FPGA.
Defending Reactive Jammers in WSN using a Trigger Identification Service.ijsrd.com
In the last decade, the greatest threat to the wireless sensor network has been Reactive Jamming Attack because it is difficult to be disclosed and defend as well as due to its mass destruction to legitimate sensor communications. As discussed above about the Reactive Jammers Nodes, a new scheme to deactivate them efficiently is by identifying all trigger nodes, where transmissions invoke the jammer nodes, which has been proposed and developed. Due to this identification mechanism, many existing reactive jamming defending schemes can be benefited. This Trigger Identification can also work as an application layer .In this paper, on one side we provide the several optimization problems to provide complete trigger identification service framework for unreliable wireless sensor networks and on the other side we also provide an improved algorithm with regard to two sophisticated jamming models, in order to enhance its robustness for various network scenarios.
Understanding Cybersecurity Breaches: Causes, Consequences, and PreventionBert Blevins
Cybersecurity breaches are a growing threat in today’s interconnected digital landscape, affecting individuals, businesses, and governments alike. These breaches compromise sensitive information and erode trust in online services and systems. Understanding the causes, consequences, and prevention strategies of cybersecurity breaches is crucial to protect against these pervasive risks.
Cybersecurity breaches refer to unauthorized access, manipulation, or destruction of digital information or systems. They can occur through various means such as malware, phishing attacks, insider threats, and vulnerabilities in software or hardware. Once a breach happens, cybercriminals can exploit the compromised data for financial gain, espionage, or sabotage. Causes of breaches include software and hardware vulnerabilities, phishing attacks, insider threats, weak passwords, and a lack of security awareness.
The consequences of cybersecurity breaches are severe. Financial loss is a significant impact, as organizations face theft of funds, legal fees, and repair costs. Breaches also damage reputations, leading to a loss of trust among customers, partners, and stakeholders. Regulatory penalties are another consequence, with hefty fines imposed for non-compliance with data protection regulations. Intellectual property theft undermines innovation and competitiveness, while disruptions of critical services like healthcare and utilities impact public safety and well-being.
Software Engineering and Project Management - Introduction to Project ManagementPrakhyath Rai
Introduction to Project Management: Introduction, Project and Importance of Project Management, Contract Management, Activities Covered by Software Project Management, Plans, Methods and Methodologies, some ways of categorizing Software Projects, Stakeholders, Setting Objectives, Business Case, Project Success and Failure, Management and Management Control, Project Management life cycle, Traditional versus Modern Project Management Practices.
A brief introduction to quadcopter (drone) working. It provides an overview of flight stability, dynamics, general control system block diagram, and the electronic hardware.
Best Practices of Clothing Businesses in Talavera, Nueva Ecija, A Foundation ...IJAEMSJORNAL
This study primarily aimed to determine the best practices of clothing businesses to use it as a foundation of strategic business advancements. Moreover, the frequency with which the business's best practices are tracked, which best practices are the most targeted of the apparel firms to be retained, and how does best practices can be used as strategic business advancement. The respondents of the study is the owners of clothing businesses in Talavera, Nueva Ecija. Data were collected and analyzed using a quantitative approach and utilizing a descriptive research design. Unveiling best practices of clothing businesses as a foundation for strategic business advancement through statistical analysis: frequency and percentage, and weighted means analyzing the data in terms of identifying the most to the least important performance indicators of the businesses among all of the variables. Based on the survey conducted on clothing businesses in Talavera, Nueva Ecija, several best practices emerge across different areas of business operations. These practices are categorized into three main sections, section one being the Business Profile and Legal Requirements, followed by the tracking of indicators in terms of Product, Place, Promotion, and Price, and Key Performance Indicators (KPIs) covering finance, marketing, production, technical, and distribution aspects. The research study delved into identifying the core best practices of clothing businesses, serving as a strategic guide for their advancement. Through meticulous analysis, several key findings emerged. Firstly, prioritizing product factors, such as maintaining optimal stock levels and maximizing customer satisfaction, was deemed essential for driving sales and fostering loyalty. Additionally, selecting the right store location was crucial for visibility and accessibility, directly impacting footfall and sales. 
Vigilance towards competitors and demographic shifts was highlighted as essential for maintaining relevance. Understanding the relationship between marketing spend and customer acquisition proved pivotal for optimizing budgets and achieving a higher ROI. Strategic analysis of profit margins across clothing items emerged as crucial for maximizing profitability and revenue. Creating a positive customer experience, investing in employee training, and implementing effective inventory management practices were also identified as critical success factors. In essence, these findings underscored the holistic approach needed for sustainable growth in the clothing business, emphasizing the importance of product management, marketing strategies, customer experience, and operational efficiency.
Natural Is The Best: Model-Agnostic Code Simplification for Pre-trained Large...YanKing2
Pre-trained Large Language Models (LLM) have achieved remarkable successes in several domains. However, code-oriented LLMs are often heavy in computational complexity, and quadratically with the length of the input code sequence. Toward simplifying the input program of an LLM, the state-of-the-art approach has the strategies to filter the input code tokens based on the attention scores given by the LLM. The decision to simplify the input program should not rely on the attention patterns of an LLM, as these patterns are influenced by both the model architecture and the pre-training dataset. Since the model and dataset are part of the solution domain, not the problem domain where the input program belongs, the outcome may differ when the model is trained on a different dataset. We propose SlimCode, a model-agnostic code simplification solution for LLMs that depends on the nature of input code tokens. As an empirical study on the LLMs including CodeBERT, CodeT5, and GPT-4 for two main tasks: code search and summarization. We reported that 1) the reduction ratio of code has a linear-like relation with the saving ratio on training time, 2) the impact of categorized tokens on code simplification can vary significantly, 3) the impact of categorized tokens on code simplification is task-specific but model-agnostic, and 4) the above findings hold for the paradigm–prompt engineering and interactive in-context learning and this study can save reduce the cost of invoking GPT-4 by 24%per API query. Importantly, SlimCode simplifies the input code with its greedy strategy and can obtain at most 133 times faster than the state-of-the-art technique with a significant improvement. This paper calls for a new direction on code-based, model-agnostic code simplification solutions to further empower LLMs.
IJSRD - International Journal for Scientific Research & Development | Vol. 1, Issue 9, 2013 | ISSN (online): 2321-0613
All rights reserved by www.ijsrd.com 1860
Abstract—Network forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems, for the purpose of uncovering the facts of attacks and other problem incidents as well as performing the actions needed to recover from the attack. Many systems have been proposed for designing network forensic systems. In this paper we present a comparative analysis of various models based on different techniques.
I. INTRODUCTION
Firewalls and IDSs are used to handle network attacks, but they have many limitations: they cannot protect systems against attacks that bypass them, they cannot protect systems against internal threats, and they are not capable of perceiving new attacks. The a) analysis, b) examination and c) reconstruction of an attack cannot be based on firewall logs and IDS alerts.
The preventive mechanism performs the investigation, traces back the source of the attack and prosecutes the skilful attackers. Such a preventive mechanism is provided by network forensics.
Network forensics is the science that requires a network setup, i.e. a network with security mechanisms and policies, and deals with perceiving, accumulating, storing and analysing network traffic to determine whether there is an anomaly in the traffic and whether that anomaly is an attack. If it is an attack, rule information is gathered and an investigation is performed. At the end, action is taken to implement the rule and restrict future attacks.
Network forensics is not another term for network security [1]. It is an extended phase of network security, as the data for forensic analysis are accumulated from security products like firewalls and IDSs. The outcomes of this data analysis are utilized for the further investigation of attacks. Network security protects systems against attack, while network forensics focuses on recording evidence of the attacks. Network security products are generalized and look for possible harmful behaviours. This monitoring is a continuous process and is performed throughout the day. Network forensics, by contrast, involves post-mortem investigation of the attack.
Network forensics is a natural extension of
computer forensics [2]. Computer forensics involves
preservation, identification, extraction, documentation, and
interpretation of computer data. Network forensics evolved
as a response to the hacker community and involves capture,
recording, and analysis of network events in order to
discover the source of attacks.
II. BACKGROUND
A. Network protection approaches
Networked computers play very important roles in our daily life as well as in our business. As nodes of a vast network, networked computers are more vulnerable than ever before. Network protection approaches are required to protect them. These approaches can be classified into two categories: defensive mechanisms and preventive mechanisms.
1) Defensive Mechanism
Defensive mechanisms are used to protect the network from attacks. These approaches typically find network vulnerabilities and then block any malicious communication from outside.
Current solutions for the defensive approach include the firewall and the Intrusion Detection System (IDS); the former is used for protection and the latter for recognition. Firewalls control the traffic that enters and leaves a network based on source and destination addresses and port numbers. A firewall filters malicious network traffic according to its rules. But it is difficult to keep the signatures of all vulnerabilities up to date, as new vulnerabilities will always keep occurring. Firewalls are also limited in the amount of state available to them and in their knowledge of the hosts receiving the content. The other shortcomings of firewalls are:
1) It cannot protect against attacks that bypass it, such as a dial-in capability.
2) It is at the network interface and does not protect against internal threats.
3) It cannot protect against the transfer of virus-laden files and programs.
Intrusion Detection Systems (IDS) [3] are primarily for learning, perceiving and reporting attacks as they happen in real time, and have no evidence-gathering feature. IDSs are of two types: signature-based (misuse) recognition and statistics-based (anomaly) recognition. A signature-based IDS does pattern matching to perceive intrusion signatures; it cannot perceive new attacks but has a low false positive rate. An anomaly-based IDS does activity monitoring and is able to perceive new attacks but has a higher false positive rate. The other shortcomings of IDSs are:
1) They increase the complexity of network security
management.
2) They must know a priori the signature or anomaly
pattern.
B. Preventive Mechanism
As the defensive approaches have limitations, the other approach to network protection becomes more important [4]. This approach does not block network crimes but accumulates enough evidence of these crimes. Network criminals will be punished for their illegal actions, thereby providing a deterrent to online crime. These methods are called network forensics.

Comparative Analysis: Network Forensic Systems
Vishvendu M. Bhatt (1), Prof. R. K. Somani (2), Prof. Pankaj Singh Parihar (3)
1, 2, 3 Department of Computer Science & Engineering
1, 2, 3 Institute of Technology & Management, Bhilwara (RTU), Rajasthan, India
(IJSRD/Vol. 1/Issue 9/2013/0043)
C. Network forensics
Network forensics deals with the capture and analysis of the trace and log data of network intrusions from current network security products, and provides information to characterize intrusion or misbehaviour features. The power of the various network forensic analysis tools available as open source can be integrated so that the investigator has an edge over the attacker. The storage needed to handle large volumes of data and the computing power to analyse them are now available at a cheaper rate. An effective network forensic system will increase the cost of network crimes for the attacker and thus reduce network crime rates.
As discussed before, there are two major purposes for network forensics: one is to enhance network security; the other is to obtain evidence for legal issues. Therefore, there are two types of network forensics. In some circumstances, the focus of network forensics is only security enhancement. The data are analysed to discover characteristics of the network attack and to use them to guide the strategies and management of the firewall or intrusion detection system. Thus, the data can be captured and obtained in the process without rigid legal principles. We call this GNF, General Network Forensics. The other is SNF, Strict Network Forensics, which is the intersection of computer science and forensic science [5]. It has a strict forensic purpose and its result can be used as evidence. It has more rigid criteria for legal validation than GNF. SNF processes include many steps that must satisfy the legal principles. To ensure these legal requirements are met in the process, some computer and network techniques need to be utilized.
We describe the conceptual model of NF as a set of processes, that is:
NF = { P_i [T_j, L_k] | i, j, k = 1, 2, ... }
where
NF: Network Forensics;
P_i: Processes;
T_j: Techniques/Methods/Approaches/Systems/Tools;
L_k: Legal principles.
This model means that network forensics is not a single product, system, or tool set, but a process involving many products, systems and tools. The more rigid the legal principles satisfied, the more rigid the evidence obtained. Different purposes of network forensics need different requirements of legal principles. If more of the legal principles are satisfied, GNF becomes SNF. SNF always needs tools and manual action carried out with authority, which are provided by official organizations. Under current conditions, with no general agreement on cyber law and delays in the respective rules, GNF may persist for a long time, not only in law enforcement communities but also in civil or enterprise communities.
In other words, GNF may have more non-law-enforcement applications than SNF, especially if the attackers are from different countries or in conditions where there is no law to punish the attacker even if you obtain the evidence. In these circumstances, pursuing rigid evidence seems wasteful, and pursuing security intelligence or knowledge from the attack data seems more useful.
There are two ways of developing a network forensic
process. One is to reactively use traditional security products
such as firewalls and intrusion detection systems, analyse the
data and investigate. The other is to proactively lure the
attacker by means of honeynets [6] or greynets [7] in order to
observe attack patterns and build behavioural profiles of
attackers and their exploitation mechanisms.
A honeynet is a highly controlled network of computers,
designed so that it will be attacked and all activity is
captured.
A greynet is a variant of a network consisting of a region of
IP address space that is sparsely populated with 'dark net'
addresses interspersed with active (or 'lit') IP addresses.
D. Network forensics systems can be of two kinds [8]:
1) "Catch-it-as-you-can" systems, in which all packets
passing through a certain traffic point are captured and
written to storage, with analysis done subsequently in
batch mode. This approach requires large amounts of
storage.
2) "Stop, look and listen" systems, in which each packet is
analysed in a rudimentary way in memory and only
certain information is saved for future analysis. This
approach requires a faster processor to keep up with
incoming traffic.
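The trade-off between the two designs, as an added example that is not part of the original paper: a few constructed packet records stand in for what a tap delivers; the first function stores every packet unchanged, the second looks at each packet once in memory, keeps only per-flow counters and the HTTP request line, and drops the packet. The traffic, addresses and retained fields are assumptions of the example.

```python
import json
from dataclasses import asdict, dataclass, field
from typing import Dict, List, Tuple

Packet = Tuple[float, str, str, str, int, int, bytes]
FlowKey = Tuple[str, str, str, int, int]

# Constructed sample traffic standing in for what a tap would deliver; none of
# it comes from a real capture. Fields: (timestamp, src_ip, dst_ip, proto,
# src_port, dst_port, payload).
PACKETS: List[Packet] = [
    (1000.00, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (1000.05, "192.0.2.10", "10.0.0.5", "tcp", 80, 51000,
     b"HTTP/1.1 200 OK\r\n\r\n" + b"A" * 4000),
    (1000.20, "10.0.0.5", "192.0.2.10", "tcp", 51000, 80,
     b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (1000.25, "192.0.2.10", "10.0.0.5", "tcp", 80, 51000,
     b"HTTP/1.1 403 Forbidden\r\n\r\n"),
    (1001.00, "10.0.0.7", "192.0.2.53", "udp", 40000, 53,
     b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 26),
    (1001.02, "192.0.2.53", "10.0.0.7", "udp", 53, 40000,
     b"\x12\x34\x81\x80\x00\x01" + b"\x00" * 42),
]


def catch_it_as_you_can(packets: List[Packet]) -> List[Packet]:
    """Strategy 1: every packet, payload included, is written to the store
    unchanged; all analysis happens later in batch over this list."""
    return list(packets)


@dataclass
class Flow:
    """Strategy 2's per-5-tuple record: what survives once the packet is dropped."""
    first_seen: float
    last_seen: float
    packet_count: int = 0
    byte_count: int = 0
    request_lines: List[str] = field(default_factory=list)


def stop_look_listen(packets: List[Packet], keep_request_lines: bool = True) -> Dict[FlowKey, Flow]:
    """Strategy 2: look at each packet once, in memory, update the flow table
    and keep only selected fields (here: counters and the HTTP request line)."""
    flows: Dict[FlowKey, Flow] = {}
    for ts, src, dst, proto, sport, dport, payload in packets:
        key = (src, dst, proto, sport, dport)
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(first_seen=ts, last_seen=ts)
        flow.last_seen = ts
        flow.packet_count += 1
        flow.byte_count += len(payload)
        if keep_request_lines and payload.startswith((b"GET ", b"POST ", b"HEAD ")):
            flow.request_lines.append(payload.split(b"\r\n", 1)[0].decode("ascii", "replace"))
        # the packet and the rest of its payload are discarded here
    return flows


def full_store_size(store: List[Packet]) -> int:
    """Bytes strategy 1 must persist (payloads only; headers would add more)."""
    return sum(len(p[6]) for p in store)


def summary_store_size(flows: Dict[FlowKey, Flow]) -> int:
    """Bytes strategy 2 persists: the serialised flow table."""
    rows = {" ".join(map(str, key)): asdict(flow) for key, flow in flows.items()}
    return len(json.dumps(rows).encode("utf-8"))


def request_lines_from_full(store: List[Packet]) -> List[str]:
    """Answerable from a full capture by re-parsing payloads after the fact."""
    return [p[6].split(b"\r\n", 1)[0].decode("ascii", "replace")
            for p in store if p[6].startswith((b"GET ", b"POST ", b"HEAD "))]


def request_lines_from_summary(flows: Dict[FlowKey, Flow]) -> List[str]:
    """Answerable from the summary only if the collector chose to keep it."""
    return [line for flow in flows.values() for line in flow.request_lines]


def servers_on_port(flows: Dict[FlowKey, Flow], port: int) -> List[str]:
    """A flow-level question both strategies can answer; the summary answers
    it without touching any payload."""
    return sorted({key[1] for key in flows if key[4] == port})
```

The point the example makes concrete: with the full store, the 403 response and anything else in the payloads can still be parsed afterwards, at the cost of storing every byte; with the summary, the collector has to decide before the incident which fields matter, and a question it did not anticipate (the response status, the DNS query name) can no longer be answered.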
E. Network forensic analysis tools
Network Forensic Analysis Tools (NFATs) [9] allow
administrators to monitor networks, gather all information
about anomalous traffic and assist in network forensics.
NFATs complement IDSs and firewalls: they make it possible
to preserve a long-term record of network traffic and to
analyse quickly the trouble spots identified by IDSs and
firewalls.
A few functions of an NFAT:
Network traffic recording and analysis
Network performance evaluation
Data aggregation from multiple sources
Anomaly recognition
Determination of network protocols in use
Recognition of employee misuse of resources
Security investigations and incident response
Intellectual property protection
1) The commercial NFATs available in the market are
NetIntercept, NetPerceiveor, NetFlow, SilentRunner,
EnCase and VisualRoute.
2) The open source / freeware NFATs are tcpdump /
libpcap / WinDump, Wireshark, Snort, Nmap, p0f, tcpstat,
tcptrace and tcpflow.
3) The following commands are built into many modern
operating systems and are useful for network forensics:
nslookup, traceroute, netstat, nbtstat, whois, ping, wget
and dig.
III. NETWORK FORENSICS SYSTEM
A generic network forensic system includes the following
steps [10]:
1) Identification
2) Preservation
3) Accumulation
4) Examination
5) Analysis
6) Presentation
7) Incident Response
Comparative Analysis: Network Forensic Systems (IJSRD/Vol. 1/Issue 9/2013/0043), All rights reserved by www.ijsrd.com, 1862
A. Identification
Recognizing an incident from its indicators and determining
its type. This is not explicitly within the field of forensics,
but it is significant because it affects the other steps [11].
Preservation – isolate, secure and preserve the state of
physical and digital evidence. This includes preventing
people from using the digital device and preventing other
electromagnetic devices from being used within an affected
radius.
Accumulation – record the physical scene and duplicate the
digital evidence using standardized and accepted procedures.
B. Examination
An in-depth, systematic search for evidence relating to the
suspected crime. This focuses on identifying and locating
potential evidence, possibly in unconventional locations, and
on constructing detailed documentation for analysis.
C. Analysis
Determine significance, reconstruct fragments of data and
draw conclusions based on the evidence found. It may take
several iterations of examination and analysis to support a
theory of the crime. Analysis differs from examination in
that it may not require high technical skill, so more people
can work on the case.
D. Presentation
Summarize and explain the conclusions. This should be
written in layperson's terms using abstracted terminology,
and all abstracted terminology should reference the specific
details.
Incident Response – the response to the perceived crime or
intrusion, initiated on the basis of the information gathered
to validate and assess the incident.
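Preservation and accumulation in practice, as an added example that is not from the paper: the capture is hashed at acquisition, every handling step is appended to a chain-of-custody record together with a fresh hash, a working duplicate is made and proven bit-identical before analysis, and a later copy whose hash no longer matches is flagged. The sample capture bytes, evidence identifier, handler names and record layout are assumptions of the example.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Constructed evidence: a minimal little-endian pcap (magic a1b2c3d4, version
# 2.4, link type 1) holding one empty record. It stands in for a capture file
# acquired from a sensor and is not a real capture.
SAMPLE_PCAP = bytes.fromhex(
    "d4c3b2a1" "0200" "0400" "00000000" "00000000" "ffff0000" "01000000"
    "00000000" "00000000" "00000000" "00000000"
)


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so evidence larger than memory is hashed the same way."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record for one evidence item. Every entry
    carries the hash observed at that moment, so a break shows in the log."""

    def __init__(self, evidence_id: str, description: str) -> None:
        self.evidence_id = evidence_id
        self.description = description
        self.entries: List[Dict[str, object]] = []

    def _append(self, action: str, handler: str, digest: str, note: str) -> None:
        self.entries.append({
            "seq": len(self.entries) + 1,
            "time_utc": datetime.now(timezone.utc).isoformat(),
            "action": action, "handler": handler, "sha256": digest, "note": note,
        })

    @property
    def acquisition_hash(self) -> str:
        return str(self.entries[0]["sha256"])

    def acquire(self, path: str, handler: str, note: str = "") -> str:
        if self.entries:
            raise RuntimeError("evidence already acquired; start a new item")
        self._append("acquired", handler, sha256_file(path), note)
        return self.acquisition_hash

    def verify(self, path: str, handler: str, note: str = "") -> bool:
        """Re-hash and compare with the acquisition hash; log the outcome either way."""
        digest = sha256_file(path)
        ok = digest == self.acquisition_hash
        self._append("verified" if ok else "integrity-failure", handler, digest, note)
        return ok

    def transfer(self, path: str, from_handler: str, to_handler: str) -> bool:
        """A hand-over is only recorded after the receiver's own hash matches."""
        ok = self.verify(path, to_handler, f"re-hashed on receipt from {from_handler}")
        if ok:
            self._append("transferred", to_handler, self.acquisition_hash,
                         f"{from_handler} -> {to_handler}")
        return ok

    def to_json(self) -> str:
        return json.dumps({"evidence_id": self.evidence_id,
                           "description": self.description,
                           "entries": self.entries}, indent=2)


def duplicate_evidence(src: str, dst: str) -> str:
    """Make a working copy and prove it is bit-identical before anyone analyses it."""
    shutil.copyfile(src, dst)
    src_hash, dst_hash = sha256_file(src), sha256_file(dst)
    if src_hash != dst_hash:
        raise RuntimeError("duplicate does not match original; do not use it")
    return dst_hash


def run_demo(workdir: Optional[str] = None) -> Dict[str, object]:
    """Acquire, duplicate, hand over, then detect a tampered copy."""
    workdir = workdir or tempfile.mkdtemp(prefix="nf-evidence-")
    original = os.path.join(workdir, "sensor-01.pcap")
    with open(original, "wb") as handle:
        handle.write(SAMPLE_PCAP)

    log = CustodyLog("EV-0001", "pcap from sensor-01 (constructed sample)")  # id is an assumption
    acquisition = log.acquire(original, "first responder", "seized at sensor")
    working = duplicate_evidence(original, os.path.join(workdir, "working-copy.pcap"))
    transferred = log.transfer(original, "first responder", "analyst")

    tampered = bytearray(SAMPLE_PCAP)
    tampered[-1] ^= 0x01  # one bit flipped in the last byte
    tampered_path = os.path.join(workdir, "tampered.pcap")
    with open(tampered_path, "wb") as handle:
        handle.write(tampered)
    tampered_ok = log.verify(tampered_path, "analyst", "copy of unknown origin")

    return {"acquisition_hash": acquisition, "duplicate_hash": working,
            "transfer_ok": transferred, "tampered_ok": tampered_ok,
            "custody_entries": len(log.entries), "custody_json": log.to_json()}
```

Analysis is done on the verified duplicate, never on the original, and the custody record is what later lets the presentation step show that the evidence analysed is the evidence seized.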
This work analyses a process model for network forensics
that meets the following requirements:
1) The model must be based on existing theory for
physical crime investigations.
2) The model must be practical and follow the same steps
that an actual investigation would take.
3) The model must be general with respect to technology
and not be constrained to current products and
procedures.
4) The model must be specific enough that general
technology requirements for each phase can be
developed.
5) The model must be abstract enough to apply to law
enforcement investigations, corporate investigations
and incident response.
A. Distributed systems based Network Forensic System
The Internet and LANs are distributed in nature, and
network attack events are logged on clients at various
locations. These logs need to be collected, fused and
analysed on a central server. A general scheme for such
frameworks is shown in Figure 1 [5].
Fig. 1: A general schema for Distributed Network Forensic
Systems [5]
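Fusing the logs on the central server, as an added example that is not from the paper or from [5]: three hosts ship lines in three formats and clock conventions (an ISO 8601 timestamp with a +02:00 offset, a bare epoch, and a syslog line with neither year nor zone), and the server normalises every event to UTC before merging, so the attack sequence reads in true order rather than in the order each host's local clock suggests. The log lines, host names, addresses, the assumed year and the assumed per-host zone are constructed for the example.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Tuple

Event = Tuple[str, str, str]  # (UTC ISO timestamp, host, message)

# Assumptions of this example: the zone a host's clock writes in for formats
# that carry no offset, and the year for syslog lines that omit it.
HOST_TZ = {"db-01": timezone.utc}
ASSUMED_YEAR = 2013

# Constructed log lines (not real logs) as three hosts would ship them.
WEB_LOG = [  # ISO 8601 with a local offset of +02:00
    "2013-09-14T10:05:02+02:00 web-01 sshd[1411]: Failed password for root from 198.51.100.7 port 4433 ssh2",
    "2013-09-14T10:05:10+02:00 web-01 sshd[1411]: Accepted password for backup from 198.51.100.7 port 4433 ssh2",
]
DB_LOG = [  # classic syslog: no year, no zone
    "Sep 14 08:05:30 db-01 postgres[2201]: FATAL: password authentication failed for user \"admin\" from 10.0.0.5",
]
FW_LOG = [  # epoch seconds, which are UTC by definition
    "1379145890 fw-edge DENY tcp 198.51.100.7:4401 -> 10.0.0.5:23",
]

SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
EPOCH_RE = re.compile(r"^(\d{9,10}) (\S+) (.*)$")
ISO_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\S+) (\S+) (.*)$")


def parse_line(line: str) -> Tuple[datetime, str, str]:
    """Return an aware datetime plus host and message, whatever the format."""
    m = SYSLOG_RE.match(line)
    if m:
        host = m.group(2)
        naive = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
        return naive.replace(tzinfo=HOST_TZ.get(host, timezone.utc)), host, m.group(3)
    m = EPOCH_RE.match(line)
    if m:
        return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc), m.group(2), m.group(3)
    m = ISO_RE.match(line)
    if m:
        stamp = datetime.fromisoformat(m.group(1))
        if stamp.tzinfo is None:  # offset missing: fall back to the host's zone
            stamp = stamp.replace(tzinfo=HOST_TZ.get(m.group(2), timezone.utc))
        return stamp, m.group(2), m.group(3)
    raise ValueError(f"unrecognised log line: {line!r}")


def fuse(sources: Dict[str, List[str]]) -> List[Event]:
    """Normalise every line to UTC and merge into one ordered timeline."""
    events = []
    for lines in sources.values():
        for line in lines:
            stamp, host, message = parse_line(line)
            events.append((stamp.astimezone(timezone.utc), host, message))
    events.sort(key=lambda e: e[0])
    return [(stamp.isoformat(), host, message) for stamp, host, message in events]


def timeline_for(events: List[Event], needle: str) -> List[Event]:
    """Pull one actor's trail (an address, a user name) out of the fused timeline."""
    return [event for event in events if needle in event[2]]
```

Read naively, web-01's "10:05" lines look like they come after db-01's "08:05" line; after normalisation the firewall denial, the failed and then accepted SSH logins and the database failure fall into the order they actually happened. Where a host's zone or year is not known, the fusion step should record that it was assumed, since the ordering of evidence depends on it.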
B. Soft computing based Network forensic System
Soft computing implementations are used to analyse the
captured data and classify attack data. Neural network and
fuzzy tools are used to validate that an attack has occurred.
A general scheme for the fuzzy logic based system is shown
in Figure 2 [4].
Fig. 2: A general scheme for soft computing based network
forensics system [4]
C. Honeypot based Network forensic system
A honeypot based system is used to attract attackers so that
their methods can be observed and analysed to improve
defence mechanisms.
IV. COMPARATIVE ANALYSIS
In the distributed model packets are captured on multiple
hosts, while in the soft computing model they are captured
on a single host. Decision making in the distributed model is
based on statistical data, while in the soft computing model
it is based on non-statistical data. The time and cost
involved in forensic analysis are lower in the soft computing
model than in the distributed model. In the soft computing
model, if the rules are such that we can differentiate between
attack and legitimate traffic, then we get the desired results.
In the distributed model it is very hard to differentiate
between attack and legitimate traffic, so the desired results
are not possible every time. All network traffic is captured in
the distributed model, while in the soft computing approach
some data may be lost because capture is centralized.
Incident response is handled more easily in the soft
computing model than in the distributed model.
The honeypot based model is generally used to improve
defensive mechanisms, because honeypots attract attackers
so that their methods can be observed and analysed, while
the distributed model and the soft computing based model
are mainly used for preventive mechanisms.
The honeypot based model cannot be used for investigation
purposes, while the distributed model and the soft computing
model can, because evidence gathering facilities are
available in those models.
V. CONCLUSION
Network forensics enables investigation of attacks by tracing
an attack back to its source and attributing the crime to a
person, host or network. It has the ability to predict future
attacks by constructing attack patterns from existing traces
of intrusion data. Incident response to an attack becomes
much faster, and the preparation of authentic evidence that is
admissible in a legal system is facilitated.
We have analysed and compared different approaches used
for network forensic systems. We found that none covers all
characteristics of a network forensic system. The distributed
model is efficient in capturing complete network traffic. The
soft computing model is efficient in differentiating attack
from legitimate traffic. The honeypot model is helpful in
improving defensive mechanisms.
REFERENCES
[1] V. Broucek and P. Turner, "Forensic computing: Developing a conceptual approach for an emerging academic discipline," 5th Australian Security Research Symposium, July 2001.
[2] H. Berghel, "The discipline of Internet forensics," Communications of the ACM, vol. 46, no. 8, Aug. 2003, pp. 15–20.
[3] S. Axelsson, "Intrusion Detection Systems: A Survey and Taxonomy," Dept. of Computer Engineering, Chalmers University of Technology, Mar. 2000.
[4] Z. Liu and D. Feng, "Incremental Fuzzy Decision Tree-Based Network Forensic System," Proc. Int'l Conf. Computational Intelligence and Security (CIS 2005), LNAI 3802, Springer, 2005, pp. 995–1002.
[5] W. Ren and H. Jin, "Distributed Agent-based Real Time Network Intrusion Forensics System Architecture Design," Proc. IEEE 19th Int'l Conf. Advanced Information Networking and Applications (AINA 2005), pp. 177–182.
[6] L. Spitzner, "Honeypots: Definitions and Value of Honeypots," http://www.trackinghackers.com/papers/honeypots.html
[7] L. Spitzner, "Know Your Enemy: Defining Virtual Honeynets," http://www.honeynet.org
[8] S. Garfinkel, "Network Forensics: Tapping the Internet," http://www.oreillynet.com/pub/a/network/2002/04/26/nettap.html
[9] V. Broucek and P. Turner, "Forensic computing: Developing a conceptual approach for an emerging academic discipline," 5th Australian Security Research Symposium, July 2001.
[10] E. S. Pilli, R. C. Joshi, and R. Niyogi, "Network forensic frameworks: Survey and research challenges," Digital Investigation, vol. 7, no. 1–2, Elsevier, 2010, pp. 14–27.
[11] K. Shanmugam, PhD thesis, Brunel University, 2011, bura.brunel.ac.uk/bitstream/2438/7651/1/Full text Thesis.pdf