Expert System Using Fuzzy Petri Nets in Computer Forensics
1 National Security Research Institute, Korea
2 Div. of Information Engineering, Mokpo Nat'l Univ.
3 Div. of Electr-Comput. & Inform-Engine., Chonnam Nat'l Univ.
Abstract. In the past, computer forensics was used only as a means of investigation. Nowadays, however, because of the sharp increase in awareness of computer security, computer forensics has become very significant even to non-professionals, and it needs inference as well as integrity and reliability of procedure. In this paper, we describe inference rules using fuzzy Petri nets and convert the data collected from a compromised system into propositions for inferring the intrusion information. The inferred results are expressed in a formalized 5W1H format (who, what, when, where, why, how). COMFEX (COMputer Forensic EXpert system) can still infer when the data is damaged in certain sections, and its inference under uncertainty is improved. This is useful to a system administrator who has weak ability to analyze hacking, and it improves the capacity for managing system security.
Keywords: Computer forensics, fuzzy Petri nets, inference rule, hacking, expert system.
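The abstract refers to inference rules expressed as a fuzzy Petri net (FPN). The following is an added illustration, not code from the paper and not COMFEX's rule base: a generic FPN forward-reasoning engine in the standard Chen, Ke and Chang (1990) semantics, run over constructed evidence from a compromised host. Places hold propositions with truth degrees in [0, 1]; transitions are rules with a threshold and a certainty factor. The second run deletes one piece of evidence (the remote-login record) to show how the conclusions degrade gracefully instead of disappearing when a section of the data is destroyed. Every proposition name, rule, threshold and certainty factor below is an assumption made for the example.

```python
"""Forward reasoning over a fuzzy Petri net (FPN) for intrusion inference.

Standard FPN semantics (Chen, Ke and Chang, 1990): every place holds a
proposition with a truth degree in [0, 1]; every transition is a rule
"IF p1 AND ... AND pn THEN q" with a threshold lambda and a certainty
factor mu.  A transition is enabled when each input place has a truth
degree >= lambda; firing it sets the output place to
max(current, min(input degrees) * mu).  The propositions, rules and
numbers below are constructed for illustration and are not COMFEX's
rule base.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """One FPN transition: inputs -> output with threshold and certainty."""
    name: str
    inputs: tuple[str, ...]
    output: str
    threshold: float   # lambda: minimum input truth degree needed to fire
    certainty: float   # mu: confidence in the rule itself


@dataclass
class FuzzyPetriNet:
    rules: list[Rule]
    marking: dict[str, float] = field(default_factory=dict)

    def degree(self, place: str) -> float:
        # A proposition that was never asserted (e.g. a deleted log) is 0.
        return self.marking.get(place, 0.0)

    def enabled(self, rule: Rule) -> bool:
        return all(self.degree(p) >= rule.threshold for p in rule.inputs)

    def fire(self, rule: Rule) -> bool:
        """Fire one rule; return True if the output degree increased."""
        value = min(self.degree(p) for p in rule.inputs) * rule.certainty
        if value > self.degree(rule.output):
            self.marking[rule.output] = value
            return True
        return False

    def run(self) -> dict[str, float]:
        """Fire enabled rules until the marking reaches a fixed point."""
        while True:
            changed = False
            for rule in self.rules:
                if self.enabled(rule) and self.fire(rule):
                    changed = True
            if not changed:
                return dict(self.marking)


# Constructed rule base: propositions an analyst might assert from host data.
RULES = [
    Rule("R1", ("ssh_login_from_unknown_ip",), "attacker_gained_access", 0.3, 0.9),
    Rule("R2", ("login_record_deleted", "rootkit_module_loaded"),
         "attacker_hid_traces", 0.3, 0.9),
    Rule("R3", ("setuid_shell_in_tmp",), "backdoor_installed", 0.3, 0.8),
    # R4 is a weaker, indirect route to the same conclusion as R1: hidden
    # traces imply someone got in, even when the login record itself is gone.
    Rule("R4", ("attacker_hid_traces",), "attacker_gained_access", 0.3, 0.7),
    Rule("R5", ("attacker_gained_access", "backdoor_installed"),
         "intrusion_persistent", 0.3, 0.9),
]

# Constructed evidence: truth degrees an administrator (or a collection
# tool) assigns to what was found on the compromised host.
FULL_EVIDENCE = {
    "ssh_login_from_unknown_ip": 0.9,
    "login_record_deleted": 0.9,
    "rootkit_module_loaded": 0.8,
    "setuid_shell_in_tmp": 1.0,
}
# Same host, but the remote-login evidence was destroyed with the log.
DAMAGED_EVIDENCE = {k: v for k, v in FULL_EVIDENCE.items()
                    if k != "ssh_login_from_unknown_ip"}


def infer(evidence: dict[str, float]) -> dict[str, float]:
    """Return the final marking: evidence plus every inferred proposition."""
    return FuzzyPetriNet(RULES, dict(evidence)).run()


def conclusions(marking: dict[str, float], evidence: dict[str, float],
                min_degree: float = 0.3) -> list[tuple[str, float]]:
    """Derived propositions (not raw evidence) at or above min_degree,
    strongest first."""
    return sorted(((p, round(d, 4)) for p, d in marking.items()
                   if p not in evidence and d >= min_degree),
                  key=lambda item: -item[1])


if __name__ == "__main__":
    for label, ev in (("full evidence", FULL_EVIDENCE),
                      ("damaged evidence", DAMAGED_EVIDENCE)):
        print(label)
        for place, degree in conclusions(infer(ev), ev):
            print(f"  {place:<24} {degree:.4f}")
```

With the login record gone, rule R1 can never fire, but R4 still carries "attacker gained access" from the hidden-traces evidence at a lower degree (0.504 instead of 0.81), and the persistence conclusion survives at 0.4536 instead of 0.72. Two caveats a practitioner should keep in mind: the certainty factors are hand-assigned, so the output is a ranked hypothesis for the administrator, not evidence in itself; and the raw image and its hashes should be preserved before any such inference is run, since the inference consumes the collected data and must not alter it.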
1 Introduction
Security and hacking improve in a complementary relation, and computer forensics becomes more important for handling an event after an attack. Computer forensics deals with the preservation, detection, analysis, and documentation of data. Its fields are classified into law enforcement, information warfare, and industrial security infrastructure [1]. Traditional computer forensics is focused on law enforcement. It lays emphasis on legal issues, so that it guarantees protection of the raw image and verification of integrity, which means that the evidence has not been changed [2]. On the other hand, computer forensics for military or commercial purposes stresses that the occurrence of an attack should be detected quickly and the threat of the attack removed quickly [1]. Because the existing tools for computer forensics show only simple results, administrators have difficulty analyzing the state of a damaged system without expert knowledge.
Corresponding author.
M.S. Szczuka et al. (Eds.): ICHIT 2006, LNAI 4413, pp. 312–322, 2007. c Springer-Verlag Berlin Heidelberg 2007
In practice, a forensic expert uses simple forensic tools to collect the evidence and to investigate the site of the event. Because system administrators are not able to analyze the hacking themselves, they need the aid of an expert to analyze it. Therefore, an advanced forensic tool is needed so that a non-expert administrator can use it with ease. Crafty hackers remove their traces, install a tool for re-accessing the system at any time, and hide that tool. This prevents normal inference of the intrusion situation. Forensic experts are able to infer from the damaged data, but non-experts cannot obtain the intrusion information because they depend only on the forensic tool. For this reason, even when the data is lo