Towards a Forensic Analysis for Multimedia Communication Services

D. Geneiatakis, A. Keromytis
Published in: 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications, 2011-03-22. DOI: 10.1109/WAINA.2011.14 (https://doi.org/10.1109/WAINA.2011.14)
Citations: 3

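Abstract

No matter how robust the employed security mechanisms are, malicious users or attackers will always find a way to bypass them. In addition, the National Institute of Security and Technology mentions: "In conjunction with appropriate tools & procedures, audit trail can assist in detecting security violation and flaws in applications". Until now, in Multimedia Communication Services (MCS), such as Voice over IP, audit trails have not been utilized in security audits due to (a) the lack of appropriate analysis tools and (b) privacy restrictions. In this paper we report on the analysis of an MCS audit trail by employing a novel method, one that does not violate users' privacy, for identifying "uncommon" traffic indicating non-normal behaviour. We rely on entropy theory and the notion of "itself information" to quantify the randomness of specific message segments, and we also introduce the term "actual itself information" for the assessment of entire message randomness. To protect users' privacy we hash the audit trail's data. To evaluate the applicability of our proposed method we utilize an audit trail of a real MCS provider published by the honey pot project. Initial outcomes show the feasibility of employing such a method to recognize "uncommon" traffic recorded in an MCS audit trail.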
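The idea in the abstract, hashing audit-trail fields and then scoring how rare each hashed segment is, can be sketched as follows; this is an added example, not code from the paper. The SIP-style segment names, the keyed HMAC-SHA-256 hash, the summed per-message score and the mean-plus-k-sigma threshold are all assumptions of this sketch; the paper's own definition of "actual itself information" is not given on this page and is not reproduced here.

```python
import hashlib
import hmac
import math
from collections import Counter

SEGMENTS = ("method", "from", "to", "user_agent")  # assumed segment names
KEY = b"constructed-demo-key"  # placeholder; a real key stays with the auditor

def hash_segment(value):
    # Keyed hash (this example's choice): equal values stay equal, cleartext is gone.
    return hmac.new(KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()

def hash_trail(trail):
    return [{s: hash_segment(m[s]) for s in SEGMENTS} for m in trail]

def self_information(hashed):
    # Per message and segment: I(x) = -log2 p(x), p estimated from the trail itself.
    n = len(hashed)
    counts = {s: Counter(m[s] for m in hashed) for s in SEGMENTS}
    return [{s: -math.log2(counts[s][m[s]] / n) for s in SEGMENTS} for m in hashed]

def message_scores(hashed):
    # Assumed whole-message score: sum of the segment values, in bits.
    return [sum(seg.values()) for seg in self_information(hashed)]

def uncommon(hashed, k=1.5):
    # Flag messages scoring more than k standard deviations above the mean.
    scores = message_scores(hashed)
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((x - mean) ** 2 for x in scores) / len(scores))
    return [i for i, x in enumerate(scores) if x > mean + k * std]

def msg(method, frm, to, ua):
    return {"method": method, "from": frm, "to": to, "user_agent": ua}

# Constructed audit trail (not from the paper's data set): 8 routine messages, 1 odd one.
TRAIL = (
    [msg("REGISTER", "sip:alice@example.com", "sip:alice@example.com", "phoneA/1.0")] * 4
    + [msg("INVITE", "sip:bob@example.com", "sip:carol@example.com", "phoneA/1.0")] * 4
    + [msg("OPTIONS", "sip:100@198.51.100.7", "sip:100@192.0.2.10", "unknown-ua/0.1")]
)

if __name__ == "__main__":
    hashed = hash_trail(TRAIL)
    for i, score in enumerate(message_scores(hashed)):
        print(i, round(score, 2), "UNCOMMON" if i in uncommon(hashed) else "")
```

Because the analysis only compares hashed values for equality, the scores are identical to those computed on cleartext, while the analyst never handles the original identities.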