A Probabilistic Logic Programming Based Model for Network Forensics
Authors
Liu, Changwei
Abstract
Network forensics is the science that addresses the capture, recording and analysis of network events and traffic for detecting intrusions and investigating them, attributing blame and supporting a case against potential intruders in an appropriate court of law. Network forensics involves post-mortem investigation of the attack. Forensic investigations are initiated after the attack has happened. Different stages of legal proceedings (such as obtaining a warrant or presenting evidence to the jury) require reconstructing an attack scenario from an attacked system with varying degrees of certainty. In order to present the scenario that can be best supported by evidence, digital forensic investigators analyze all possible attack scenarios reconstructed from the available evidence. The analysis phase also assigns some indication of possibilities, including an odds ratio for each potential attack.