In digital forensics in general and in network forensics in particular, searching through very large amounts of data plays a crucial role. It is used for finding evidence in digital media as well as traces of attacks in computer memory and network traffic. The amount of data to be processed is not the only challenge a search algorithm faces. Variations in the data make the search task even more difficult, and these variations have heterogeneous causes (transmission errors, differences in the implementation of various protocols, different data formatting across sources of information, attempts to hide the traces of criminal activities, and so on). In some cases, especially in network forensics, the velocity of the data is an additional factor that further complicates the task of a search algorithm. Therefore, sophisticated search algorithms implemented efficiently, together with a reduction of the data quantities to process, are the key success factors of a digital forensics investigation. In this chapter, constrained approximate bit-parallel search algorithms capable of both reducing the size of the data sets to process and efficiently processing the remaining data are explained. We analyze the capability of these algorithms to correctly detect evidence and traces of attacks while keeping the false-positive rate at an acceptable level.
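The bit-parallel approximate search the abstract refers to, as an added example that is not code from the chapter: the classic Wu-Manber Shift-And formulation allowing up to k edits, without the indel constraints the chapter adds on top of it. The function names, the pattern and the log line are constructed for this illustration.

```python
# Added example (not the chapter's code): single-pattern bit-parallel approximate
# search in the Wu-Manber Shift-And formulation, allowing up to k edits
# (substitution, insertion, deletion). The chapter's indel constraints are not
# modelled here; the pattern and log line below are constructed sample data.

def build_masks(pattern):
    """One bit mask per symbol: bit i is set when pattern[i] == symbol."""
    masks = {}
    for i, ch in enumerate(pattern):
        masks[ch] = masks.get(ch, 0) | (1 << i)
    return masks

def approximate_search(text, pattern, k):
    """Return the end positions in text at which pattern occurs with at most
    k edits. R[d] bit i is set when pattern[0..i] matches a suffix of the text
    read so far with at most d errors; k+1 such vectors are updated per symbol."""
    m = len(pattern)
    if not 0 < m <= 63:
        raise ValueError("pattern must fit one machine word (1..63 symbols)")
    masks = build_masks(pattern)
    full = (1 << m) - 1
    match_bit = 1 << (m - 1)
    # R[d] starts with its d low bits set: d leading pattern symbols may be
    # deleted before any text is consumed.
    R = [(1 << d) - 1 for d in range(k + 1)]
    hits = []
    for pos, ch in enumerate(text):
        mask = masks.get(ch, 0)
        prev_old = R[0]                       # R[d-1] before this step
        R[0] = ((R[0] << 1) | 1) & mask       # exact prefix matches
        for d in range(1, k + 1):
            cur_old = R[d]
            R[d] = (((cur_old << 1) & mask)   # match on the current symbol
                    | prev_old                # insertion: text symbol skipped
                    | (prev_old << 1)         # substitution
                    | (R[d - 1] << 1)         # deletion of a pattern symbol
                    | 1) & full
            prev_old = cur_old
        if R[k] & match_bit:
            hits.append(pos)
    return hits

if __name__ == "__main__":
    # Constructed log line: the known indicator appears with one corrupted symbol,
    # so the exact search (k=0) misses it while k=1 reports the end position 22.
    line = "dns query: evi1.example.test"
    for k in (0, 1):
        print(k, approximate_search(line, "evil.example", k))
```

Raising k recovers more variants but also admits unrelated strings (a 3-symbol pattern with k=2 matches almost anything), which is the false-positive trade-off the chapter analyzes.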
DAWG—Directed Acyclic Word Graph.
- Approximate Search in Digital Forensics
- Chapter 20