Network forensics: Review, taxonomy, and open challenges

Cited by: 65
Authors
Khan, Suleman [1 ,2 ]
Gani, Abdullah [1 ,2 ]
Wahab, Ainuddin Wahid Abdul [2 ]
Shiraz, Muhammad [3 ]
Ahmad, Iftikhar [4 ]
Affiliations
[1] Univ Malaya, Ctr Mobile Cloud Comp Res C4MCCR, Kuala Lumpur, Malaysia
[2] Univ Malaya, Fac Comp Sci & Informat Technol, Kuala Lumpur, Malaysia
[3] Fed Urdu Univ Arts Sci & Technol, Dept Comp Sci, Karachi, Pakistan
[4] King Saud Univ, Dept Software Engn, Coll Comp & Informat Sci, Riyadh 11543, Saudi Arabia
Keywords
Forensic; Investigation; Cybercrimes; Digital evidence; Intrusion detection; DETERMINISTIC PACKET MARKING; IP TRACEBACK; INTERNET; ATTACKS; GENERATION;
DOI
10.1016/j.jnca.2016.03.005
CLC classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
In recent years, a number of network forensics techniques have been proposed to investigate the increasing number of cybercrimes. Network forensics techniques assist in tracking internal and external network attacks by focusing on inherent network vulnerabilities and communication mechanisms. However, investigation of cybercrime becomes more challenging when cyber criminals erase their traces in order to avoid detection. Therefore, network forensics techniques employ mechanisms that facilitate investigation by recording every single packet and event disseminated into the network. As a result, the origin of an attack can be identified through reconstruction of the recorded data. In the current literature, network forensics techniques are studied on the basis of forensic tools, process models and framework implementations. However, a comprehensive study of cybercrime investigation using network forensics frameworks, along with a critical review of present network forensics techniques, is lacking. In other words, our study is motivated by the diversity of digital evidence and the difficulty of addressing numerous attacks in the network using network forensics techniques. Therefore, this paper reviews the fundamental mechanisms of network forensics techniques to determine how network attacks are identified in the network. Through an extensive review of the related literature, a thematic taxonomy is proposed for the classification of current network forensics techniques based on their implementation as well as the target data sets involved in conducting forensic investigations. The critical aspects and significant features of current network forensics techniques are investigated using a qualitative analysis technique. We derive significant parameters from the literature for discussing the similarities and differences among existing network forensics techniques. The parameters include framework nature, mechanism, target dataset, target instance, forensic processing, time of investigation, execution definition, and objective function. Finally, open research challenges in network forensics are discussed to assist researchers in selecting appropriate domains for further research and in obtaining ideas for exploring optimal techniques for investigating cybercrimes. (C) 2016 Elsevier Ltd. All rights reserved.
Pages: 214 / 235
Page count: 22
Related papers (references)
147 entries in total