Application of intrusion detection system in automatic evidence collection using digital forensics

Jain, A K (2014) Application of intrusion detection system in automatic evidence collection using digital forensics. MTech thesis.



In network security, an Intrusion Detection System (IDS) is one of the popular and effective mechanisms for securing a network. The aim of an IDS is to offer a layer of protection against unauthorized (or malicious) use of systems by sensing vulnerability in the system or misuse of a security policy, and alerting the system administrator to an ongoing (or recent) attack. An IDS's function is limited to detecting the intrusion and reporting it to the administrator by monitoring the system continuously. An IDS is not able to preserve evidence about the intrusion, which makes it difficult to see the damage to the system and gather information about the attack, and hence makes it impossible to catch the intruder. Although evidence can be collected from IDS and system log files, the integrity, reliability, and completeness of such evidence are doubtful, as log files can also be altered by the intruder. In order to preserve evidence in its original form we have proposed “Application of Intrusion Detection System in automatic Evidence Collection using Digital Forensics”. In our model, whenever an intrusion is detected, the IDS notifies the administrator by sending an alert and also activates the digital forensic tool to capture the current state of the system. This captured system image contains all the information about the system at the time when the attack was taking place. Hence such an image can be used as evidence in legal proceedings. We used both signature-based IDS and anomaly-based IDS in the work and observed that signature-based IDS is not able to detect novel threats while anomaly-based IDS is able to detect such threats.
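As an added illustration of the model described above (example code written for this page, not the thesis's own tool), the following Python sketch reads constructed Snort-style alert lines, notifies the administrator for every alert, triggers a capture of the system state for high-priority alerts, and seals each captured artefact with SHA-256 so that later alteration of the evidence (the log-tampering problem the abstract raises) can be detected. The alert layout, priority threshold, artefact names and contents are all constructed assumptions.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed alerts in a Snort-style "fast" layout; sids, messages and
# addresses are made up for this example (documentation address ranges).
SAMPLE_ALERTS = [
    "01/01-10:00:01.000000 [**] [1:1000001:1] CONSTRUCTED admin login from outside [**] "
    "[Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:44321 -> 192.0.2.10:22",
    "01/01-10:00:02.000000 [**] [1:1000002:1] CONSTRUCTED port scan [**] "
    "[Classification: Attempted Recon] [Priority: 3] {TCP} 203.0.113.7:44322 -> 192.0.2.10:80",
    "not an alert line",
]
# Constructed stand-in for "the current state of the system": artefact name -> bytes.
SAMPLE_STATE = {
    "/var/log/auth.log": b"Jan 01 10:00:01 host sshd: Accepted password for root from 203.0.113.7\n",
    "process_list": b"PID 1 init\nPID 4242 sshd\n",
}
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\] .*?"
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {k: (int(v) if k == "prio" else v) for k, v in m.groupdict().items()}

def capture_evidence(alert, system_state):
    """Snapshot the system state at alert time and seal every artefact with SHA-256."""
    artefacts = {name: hashlib.sha256(data).hexdigest() for name, data in system_state.items()}
    manifest = {"captured_at": datetime.now(timezone.utc).isoformat(), "alert": alert,
                "artefacts": artefacts}
    # One digest over the whole manifest is what an examiner later checks.
    manifest["manifest_sha256"] = hashlib.sha256(
        json.dumps(artefacts, sort_keys=True).encode()).hexdigest()
    return manifest

def verify_evidence(manifest, system_state):
    """Recompute digests against the current state; return artefacts that changed."""
    return sorted(name for name, digest in manifest["artefacts"].items()
                  if hashlib.sha256(system_state.get(name, b"")).hexdigest() != digest)

def process_alerts(lines, system_state, max_priority=2):
    """Notify the administrator for every alert; capture evidence only when the
    alert priority is at or above the threshold (Snort priority 1 is most severe)."""
    captures = []
    for alert in filter(None, map(parse_alert, lines)):
        print(f"ALERT to administrator: {alert['msg']} from {alert['src']}")
        if alert["prio"] <= max_priority:
            captures.append(capture_evidence(alert, system_state))
    return captures
```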

Item Type: Thesis (MTech)
Uncontrolled Keywords: Intrusion detection system, digital forensics, digital evidence, signature, anomaly, forensic analysis
Subjects: Engineering and Technology > Computer and Information Science > Information Security
Divisions: Engineering and Technology > Department of Computer Science
ID Code: 5602
Deposited By: Hemanta Biswal
Deposited On: 18 Jul 2014 15:06
Last Modified: 18 Jul 2014 15:06
Supervisor(s): Jena, S K