A Digital Evidence Fusion Method in Network Forensics Systems with Dempster-Shafer Theory

摘要

Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.