
Forensic Investigation of Malicious Insider in Critical Networks using Computational Intelligence


Affiliations
1 Computer Science and Engineering, Dr. Sivanthi Aditanar College of Engineering, Tiruchendur-628215, India
     



Abstract

The insider threat is only minimally addressed by current information security practice, yet the insider poses the most serious threat to an organization for a number of reasons. Forensic investigation of the malicious insider is a technique for proving the presence of a malicious insider with digital evidence. The first phase is network monitoring and packet capture: information in a network is transferred as packets, these packets are monitored and captured, and the important features are extracted. The administrator uses this network monitoring and packet inspection to gather the required information. The log files are then analysed to extract patterns from them. The features extracted from the packets and from the log files are compared and the patterns are extracted. The data patterns are grouped into clusters to trace anomalies; with the help of a clustering algorithm the clusters are classified as legitimate or anomalous patterns. If an anomaly is traced, the user's past activities are consulted and cross-checked against the captured packets. A computational intelligence algorithm is used to produce the digital evidence by cross-checking logs against packets; with this algorithm the presence of a malicious insider in the critical network is proved.
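The pipeline the abstract describes (features extracted from captured packets, clustering into legitimate and anomalous patterns, then a cross-check of the flagged user's earlier activity in the logs) as an added, runnable illustration. This is example code written for this page, not the authors' implementation: the paper does not name its clustering or computational intelligence algorithm, so a deterministic 2-means over min-max scaled per-session features stands in for it, the rule "the smaller cluster is the anomaly pattern" is an assumption, and the sessions, the key=value log format and the log lines are all constructed sample data.

```python
import math
from datetime import datetime

# Constructed per-session features as they might be extracted from a capture:
# (session_id, user, start, end, bytes_out, distinct_dst_ports)
SESSIONS = [
    ("s1", "alice", "2024-03-01T09:00:00", "2024-03-01T09:30:00",   120_000,  2),
    ("s2", "alice", "2024-03-02T10:00:00", "2024-03-02T10:40:00",   150_000,  3),
    ("s3", "bob",   "2024-03-01T13:55:00", "2024-03-01T14:30:00",    90_000,  2),
    ("s4", "bob",   "2024-03-02T14:00:00", "2024-03-02T14:20:00",   110_000,  2),
    ("s5", "carol", "2024-03-02T08:50:00", "2024-03-02T09:10:00",   100_000,  3),
    ("s6", "bob",   "2024-03-03T01:55:00", "2024-03-03T02:10:00", 9_500_000, 41),
]

# Constructed host log (hypothetical key=value format), the user's activity history.
LOG_LINES = """\
2024-03-01T09:02:11 user=alice action=login src=10.0.0.11
2024-03-01T09:05:40 user=alice action=file_read path=/srv/eng/spec.pdf
2024-03-01T13:58:07 user=bob action=login src=10.0.0.23
2024-03-01T14:10:19 user=bob action=file_read path=/srv/eng/spec.pdf
2024-03-02T08:55:02 user=carol action=login src=10.0.0.31
2024-03-02T14:02:33 user=bob action=file_read path=/srv/eng/build.log
2024-03-03T01:57:30 user=bob action=login src=10.0.0.23
2024-03-03T02:01:12 user=bob action=file_read path=/srv/finance/payroll.db
2024-03-03T02:03:45 user=bob action=file_read path=/srv/hr/ssn_export.csv
"""


def parse_log(text):
    """Parse '<iso-timestamp> k=v k=v ...' lines into dicts with a datetime 'ts'."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        entry = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, _, value = field.partition("=")
            entry[key] = value
        entries.append(entry)
    return entries


def session_features(session):
    """Feature vector: log10(bytes out), distinct destination ports, off-hours flag."""
    _, _, start, _, bytes_out, ports = session
    hour = datetime.fromisoformat(start).hour
    off_hours = 1.0 if hour < 6 or hour > 20 else 0.0
    return [math.log10(bytes_out), float(ports), off_hours]


def min_max_scale(vectors):
    dims = len(vectors[0])
    lo = [min(v[d] for v in vectors) for d in range(dims)]
    hi = [max(v[d] for v in vectors) for d in range(dims)]
    return [[(v[d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0
             for d in range(dims)] for v in vectors]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def two_means(vectors, iters=20):
    """k=2 k-means, seeded deterministically with the min-norm and max-norm points."""
    norms = [dist(v, [0.0] * len(v)) for v in vectors]
    centroids = [list(vectors[norms.index(min(norms))]),
                 list(vectors[norms.index(max(norms))])]
    labels = None
    for _ in range(iters):
        new_labels = [0 if dist(v, centroids[0]) <= dist(v, centroids[1]) else 1
                      for v in vectors]
        if new_labels == labels:
            break
        labels = new_labels
        for c in (0, 1):
            members = [v for v, lab in zip(vectors, labels) if lab == c]
            if members:
                centroids[c] = [sum(m[d] for m in members) / len(members)
                                for d in range(len(members[0]))]
    return labels


def cluster_sessions(sessions):
    """Ids of sessions in the smaller cluster, treated as the anomaly pattern (assumption)."""
    labels = two_means(min_max_scale([session_features(s) for s in sessions]))
    anomalous = 1 if labels.count(1) < labels.count(0) else 0
    return [s[0] for s, lab in zip(sessions, labels) if lab == anomalous]


def top_dir(path):
    return "/".join(path.split("/")[:3])


def cross_check(session, entries):
    """Compare the user's log activity inside the session window with their earlier history."""
    sid, user, start, end, _, _ = session
    t0, t1 = datetime.fromisoformat(start), datetime.fromisoformat(end)
    mine = [e for e in entries if e.get("user") == user]
    history = [e for e in mine if e["ts"] < t0]
    in_window = [e for e in mine if t0 <= e["ts"] <= t1]
    seen_hours = {e["ts"].hour for e in history}
    seen_dirs = {top_dir(e["path"]) for e in history if "path" in e}
    novel = []
    for e in in_window:
        reasons = []
        if e["ts"].hour not in seen_hours:
            reasons.append("new hour %02d" % e["ts"].hour)
        if "path" in e and top_dir(e["path"]) not in seen_dirs:
            reasons.append("new tree " + top_dir(e["path"]))
        if reasons:
            novel.append((e["ts"].isoformat(), e["action"], "; ".join(reasons)))
    return {"session": sid, "user": user, "log_entries": len(in_window), "novel": novel}


def investigate(sessions=SESSIONS, log_text=LOG_LINES):
    """Cluster, then cross-check only the flagged sessions against the log."""
    entries = parse_log(log_text)
    flagged = set(cluster_sessions(sessions))
    return [cross_check(s, entries) for s in sessions if s[0] in flagged]


if __name__ == "__main__":
    for evidence in investigate():
        print(evidence)
```

Two caveats a practitioner would add before using this shape for real: the cross-check has a cold-start problem (a user with no history before the window makes every in-window entry look novel, so a baseline period must be established first), and the capture and the log must share a trustworthy clock, since the whole evidential link rests on aligning the session window with the log timestamps.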

Keywords

Insider Threat, Intelligence Analyses, Privacy, Data Mining, Network Forensics, Attack Pattern.





Authors

R. Buvana Nayaki
Computer Science and Engineering, Dr. Sivanthi Aditanar College of Engineering, Tiruchendur-628215, India
J. Mark Jain
Computer Science and Engineering, Dr. Sivanthi Aditanar College of Engineering, Tiruchendur-628215, India
