Skip to main content
Conference ProceedingsOPEN ACCESS

A network forensic scheme using correntropy-variation for attack detection

IFIP Advances in Information and Communication Technology (2018) 532 225-239
DOI: 10.1007/978-3-319-99277-8_13
14Citations
Citations of this article
34Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Network forensic techniques help track cyber attacks by monitoring and analyzing network traffic. However, due to the large volumes of data in modern networks and sophisticated attacks that mimic normal behavior and/or erase traces to avoid detection, network attack investigations demand intelligent and efficient network forensic techniques. This chapter proposes a network forensic scheme for monitoring and investigating network-based attacks. The scheme captures and stores network traffic data, selects important network traffic features using the chi-square statistic and detects anomalous events using a novel correntropy-variation technique. An evaluation of the network forensic scheme employing the UNSW-NB15 dataset demonstrates its utility and high performance compared with three state-of-the-art approaches.

Author supplied keywords

Cite

CITATION STYLE

APA

Moustafa, N., & Slay, J. (2018). A network forensic scheme using correntropy-variation for attack detection. In IFIP Advances in Information and Communication Technology (Vol. 532, pp. 225–239). Springer New York LLC. https://doi.org/10.1007/978-3-319-99277-8_13

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free