INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY
Authors: Gojko Grubor, Ivan Barać
Publication: Sinteza 2014 - Impact of the Internet on Business Activities in Serbia and Worldwide
Abstract:
The Internet is increasingly used in all aspects of our daily lives. In many cases, application security cannot provide the required level of security. Therefore, proactive collection of network data from all of the network layers in real time, together with forensic analysis of network traffic, can easily help to uncover information about internal or external attacks and to prevent potential damage. Consequently, the best way is to combine application and system monitoring and perform centralized traffic monitoring to correlate events. Tracing traffic at multiple levels and points could potentially provide more information about the intrusion features. With the wide deployment of centralized log monitoring, the analysis of the data collected from those deployments has become an important research area in proactive network security. It has been shown that data collected in such a manner can be used to detect traffic anomalies and improve network intrusion detection. In practice, attacks should be detected as soon as possible by the monitoring system, in order to take appropriate corrective measures in a timely manner. In this paper, different types of network events and data sources are described, and their integration with centralized log management infrastructure in a proactive forensic architecture is researched. The authors of this paper propose an integrated proactive digital forensic (PDF) model for internal and external attacks and describe its contribution to overall network security in the context of high-volume network traffic, big data and virtualized cloud computing environments.
Keywords: logging, monitoring system, proactive network forensics, integrated security event management, intrusion detection
Citation:

BibTeX format:
@article{article,
  author = {G. Grubor and I. Barać},
  title = {INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY},
  journal = {Sinteza 2014 - Impact of the Internet on Business Activities in Serbia and Worldwide},
  year = 2014,
  doi = {10.15308/sinteza-2014-693-699}
}

RefWorks Tagged format:
RT Conference Proceedings
A1 Gojko Grubor
A1 Ivan Barać
T1 INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY
AD Međunarodna naučna konferencija Sinteza, Beograd, Srbija
YR 2014
NO doi: 10.15308/sinteza-2014-693-699

Preformatted citation:
G. Grubor and I. Barać, INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY, Međunarodna naučna konferencija Sinteza, 2014, doi:10.15308/sinteza-2014-693-699