Automatic log file analysis in network forensics using knowledge flow paradigms.


Abstract

Cyber attacks are becoming more prevalent and sophisticated in today's world. Although security mechanisms such as firewalls and intrusion detection systems are usually in place to protect a network, attacks can still bypass them and cause havoc. Thus, the emerging field of network forensics is often needed to find the cause of an attack to better protect the network in the future. Currently, the method of manually analyzing network transaction log files is a time-consuming process. Due to this inefficiency in manual analysis, quick and accurate methods to automate log file analysis after an attack incident will help network forensics experts with this process. In this thesis, we propose and implement a semi-automated approach to log file analysis by using supervised machine learning techniques. Specifically, we apply the Naive Bayes, J48, and IBk algorithms to classify individual packets. Our results show that these algorithms can reduce the time for after-incident, ad-hoc log file analysis with improved accuracy.

Bibliographic record

  • Author: Jim, Carol M.
  • Affiliation: Hood College.
  • Degree-granting institution: Hood College.
  • Subject: Artificial Intelligence. Computer Science.
  • Degree: M.S.
  • Year: 2010
  • Pages: 1071 p.
  • Total pages: 1071
  • Original format: PDF
  • Language: eng
  • Date added: 2022-08-17 11:37:21
