INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY

Publication: Sinteza 2014 - Impact of the Internet on Business Activities in Serbia and Worldwide

DOI: 10.15308/sinteza-2014-693-699

Link: https://doi.org/10.15308/sinteza-2014-693-699

Abstract:
The Internet is increasingly used in all aspects of our daily lives. In many cases, application security cannot provide the required level of security. Therefore, proactive collection of network data from all of the network layers in real time and forensic analysis of network traffic can easily help to uncover information about internal or external attacks and to prevent potential damage. Consequently, the best way is to combine application and system monitoring and perform centralized traffic monitoring to correlate events. Tracing traffic at multiple levels and points could potentially provide more information about the intrusion features. With the wide deployment of centralized log monitoring, the analysis of the data collected from those deployments has become an important research area in proactive network security. It has been shown that data collected in such a manner can be used to detect traffic anomalies and improve network intrusion detection. In practice, attacks should be detected as soon as possible by the monitoring system, in order to take appropriate corrective measures in a timely manner. In this paper, different types of network events and data sources are described, and their integration with a centralized log management infrastructure in a proactive forensic architecture is researched. The authors of this paper proposed an integrated proactive digital forensic (PDF) model for internal and external attacks and its contribution to overall network security in the context of high-volume network traffic, big data and virtualized cloud computing environment.
Keywords: logging, monitoring system, proactive network forensics, integrated security event management, intrusion-detection

Download citation:

BibTeX format
@article{article,
  author  = {G. Grubor and I. Barać}, 
  title   = {INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY},
  journal = {Sinteza 2014 - Impact of the Internet on Business Activities in Serbia and Worldwide},
  year    = 2014,
  doi     = {10.15308/sinteza-2014-693-699}
}
RefWorks Tagged format
RT Conference Proceedings
A1 Gojko Grubor
A1 Ivan Barać
T1 INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY
AD Međunarodna naučna konferencija Sinteza, Beograd, Srbija
YR 2014
NO doi: 10.15308/sinteza-2014-693-699
Preformatted citation
G. Grubor and I. Barać, INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY, Međunarodna naučna konferencija Sinteza, 2014, doi:10.15308/sinteza-2014-693-699