Computer Network Forensics Assistance Methodology Focused on Denial of Service Attacks

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2020
Authors:
Hans Newton Fonseca Cantanhede, Samyr Béliche Vale
DOI: 10.5120/ijca2020919788

Hans Newton Fonseca Cantanhede and Samyr Béliche Vale. Computer Network Forensics Assistance Methodology Focused on Denial of Service Attacks. International Journal of Computer Applications 177(33):1-11, January 2020.

@article{10.5120/ijca2020919788,
	author = {Hans Newton Fonseca Cantanhede and Samyr Béliche Vale},
	title = {Computer Network Forensics Assistance Methodology Focused on Denial of Service Attacks},
	journal = {International Journal of Computer Applications},
	issue_date = {January 2020},
	volume = {177},
	number = {33},
	month = {Jan},
	year = {2020},
	issn = {0975-8887},
	pages = {1-11},
	numpages = {11},
	url = {http://www.ijcaonline.org/archives/volume177/number33/31112-2020919788},
	doi = {10.5120/ijca2020919788},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

The problem addressed in this paper is the difficulty in criminalizing denial of service attacks in Brazil. With the advent of Law 12.737 of 2012 in Brazil, known as the Computer Crimes Law, these attacks could be considered crimes. However, no procedures were found to support this. This paper proposes a methodology based on the 2012 Computer Crimes Law to assist computer network forensic analysis, focused on charging offenders who commit denial of service attacks, and presents a computational architecture to automate its steps. For this purpose, a review of related work was carried out, and dedicated sections clarify the terms needed to contextualize the research. At the end of the article, the methodology and its steps are presented, along with the proposed architecture and the results of experiments performed to validate the proposal. It is concluded that the availability of the information obtained with the aid of the proposed methodology demonstrates that the investigating authority can proceed with the duly substantiated liability of the offending agents.

Keywords

Forensic network analysis, Assistance methodology, Denial of service, Computer crime law, Computer architecture