Emerging threats, risks and mitigation strategies in network forensics

摘要

Sophisticated intrusions are evolving everyday. Hence, requirements are changing towards computer systems that provide more robust solutions. However, new issues, bugs, threats and vulnerabilities are unavoidably introduced into the market each time a new product is designed to meet users' specifications. For these reasons, Vendors, research community, network forensics professionals and other users of Network Intrusion Detection Systems write tons of detection rules to maximally detect attacks. Despite these, numerous attacks still evade intrusion detectors because of insufficient evidence to expose the emerging threats and risks in the usage of intrusion detection technology. Thus, this paper presents a critical review of these problems. The review provides useful guidelines that can be used to enhance efficacy of intrusion detection system and to achieve high returns on investment.