A comparative study of attributes for gathering admissible evidence in the investigation of distributed denial of service (DDoS) attacks. (1st January 2012)
- Record Type:
- Journal Article
- Title:
- A comparative study of attributes for gathering admissible evidence in the investigation of distributed denial of service (DDoS) attacks. (1st January 2012)
- Main Title:
- A comparative study of attributes for gathering admissible evidence in the investigation of distributed denial of service (DDoS) attacks
- Authors:
- Nehinbe, Joshua Ojo
- Abstract:
- Global crises have widened the scope of criminal activities that intruders commit on computer networks. However, available litigations to charge intruders are ineffective because most electronic evidence obtained from intrusion logs are inadmissible in several courts of law. Therefore, this paper critically discusses the concept of admissible evidence in courts of law and how forensics experts can extract them from intrusion logs. This paper also discusses a model that adopts information theory to reclassify attributes of intrusions that are used to extract admissible evidence. Evaluations demonstrate that majority of the attributes of distributed denial of service attacks are less informative. The results suggest that type of service, TCP flags, TTL, length of packet, destination IP address, TCP acknowledgement and IP protocol are less informative while source addresses, destination port address and timestamp are informative attributes for forensics investigation of distributed denial of service attacks investigated in this paper.
- Is Part Of:
- International journal of internet technology and secured transactions. Volume 4:Number 2(2012)
- Journal:
- International journal of internet technology and secured transactions
- Issue:
- Volume 4:Number 2(2012)
- Issue Display:
- Volume 4, Issue 2 (2012)
- Year:
- 2012
- Volume:
- 4
- Issue:
- 2
- Issue Sort Value:
- 2012-0004-0002-0000
- Page Start:
- 121
- Page End:
- 138
- Publication Date:
- 2012-01-01
- Subjects:
- network forensics -- intrusion -- IDS -- admissible evidence -- e-criminals
Internet -- Security measures -- Periodicals
Computer security -- Periodicals
Information systems management -- Security measures -- Periodicals
Computer networks -- Security measures -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijitst ↗
http://www.inderscience.com/ ↗ - Languages:
- English
- ISSNs:
- 1748-569X
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 8740.xml