Visualisation of network forensics traffic data with a self-organising map for qualitative features
Palomo, E. J., North, J., Elizondo, D., Luque, R.M. and Watson, Tim (2011) Visualisation of network forensics traffic data with a self-organising map for qualitative features. In: The 2011 International Joint Conference on Neural Networks (IJCNN), San Jose, CA, 31 Jul 2011 - 5 Aug 2011. Published in: The 2011 International Joint Conference on Neural Networks (IJCNN) pp. 1740-1747. ISBN 9781424496358. doi:10.1109/IJCNN.2011.6033434
Research output not available from this repository.
Official URL: http://dx.doi.org/10.1109/IJCNN.2011.6033434
Abstract
Digital crimes are a part of modern life but evidence of these crimes can be captured in network traffic data logs. Analysing these logs is a difficult process; this is especially true as the format that different attacks can take can vary tremendously and may be unknown at the time of the analysis. The main objective of the field of network forensics consists of gathering evidence of illegal acts from a networking infrastructure. Therefore, software tools, and techniques, that can help with these digital investigations are in great demand. In this paper, an approach to analysing and visualising network traffic data based upon the use of self-organising maps (SOM) is presented. The self-organising map has been widely used in clustering tasks in the literature; it can enable network clusters to be created and visualised in a manner that makes them immediately more intuitive and understandable and can be performed on high-dimensional input data, transforming this into a much lower dimensional space. In order to show the usefulness of this approach, the self-organising map has been applied to traffic data, for use as a tool in network forensics. Moreover, the proposed SOM takes into account the qualitative features that are present in the traffic data, in addition to the quantitative features. The traffic data was clustered and visualised and the results were then analysed. The results demonstrate that this technique can be used to aid in the comprehension of digital forensics and to facilitate the search for anomalous behaviour in the network environment.
Item Type: | Conference Item (Paper)
---|---
Divisions: | Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group)
Journal or Publication Title: | The 2011 International Joint Conference on Neural Networks (IJCNN)
Publisher: | IEEE
ISBN: | 9781424496358
Book Title: | The 2011 International Joint Conference on Neural Networks
Official Date: | 2011
Page Range: | pp. 1740-1747
DOI: | 10.1109/IJCNN.2011.6033434
Status: | Peer Reviewed
Publication Status: | Published
Conference Paper Type: | Paper
Title of Event: | The 2011 International Joint Conference on Neural Networks (IJCNN)
Type of Event: | Conference
Location of Event: | San Jose, CA
Date(s) of Event: | 31 Jul 2011 - 5 Aug 2011