Next Article in Journal
A Novel Multi-Focus Image Fusion Method Based on Stochastic Coordinate Coding and Local Density Peaks Clustering
Previous Article in Journal / Special Issue
A Review on Hot-IP Finding Methods and Its Application in Early DDoS Target Detection
Article Menu

Export Article

Open AccessArticle
Future Internet 2016, 8(4), 54;

Network Forensics Method Based on Evidence Graph and Vulnerability Reasoning

Faculty of Information Technology & Beijing Engineering Research Center for IoT Software and Systems, Beijing University of Technology, Beijing 100124, China
College of Computer and Information Technology, China Three Gorges University, Yichang 443002, China
Authors to whom correspondence should be addressed.
Academic Editors: Jiankun Hu and Dino Giuli
Received: 14 August 2016 / Revised: 15 October 2016 / Accepted: 18 October 2016 / Published: 10 November 2016
(This article belongs to the Special Issue Cyber Warfare)
Full-Text   |   PDF [2583 KB, uploaded 10 November 2016]   |  


As the Internet becomes larger in scale, more complex in structure and more diversified in traffic, the number of crimes that utilize computer technologies is also increasing at a phenomenal rate. To react to the increasing number of computer crimes, the field of computer and network forensics has emerged. The general purpose of network forensics is to find malicious users or activities by gathering and dissecting firm evidences about computer crimes, e.g., hacking. However, due to the large volume of Internet traffic, not all the traffic captured and analyzed is valuable for investigation or confirmation. After analyzing some existing network forensics methods to identify common shortcomings, we propose in this paper a new network forensics method that uses a combination of network vulnerability and network evidence graph. In our proposed method, we use vulnerability evidence and reasoning algorithm to reconstruct attack scenarios and then backtrack the network packets to find the original evidences. Our proposed method can reconstruct attack scenarios effectively and then identify multi-staged attacks through evidential reasoning. Results of experiments show that the evidence graph constructed using our method is more complete and credible while possessing the reasoning capability. View Full-Text
Keywords: network forensics; evidence graph; vulnerability reasoning; vulnerability evidence reasoning algorithm network forensics; evidence graph; vulnerability reasoning; vulnerability evidence reasoning algorithm

Graphical abstract

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

He, J.; Chang, C.; He, P.; Pathan, M.S. Network Forensics Method Based on Evidence Graph and Vulnerability Reasoning. Future Internet 2016, 8, 54.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top