Attack graph analysis for network anti-forensics
Ramachandran Pillai Lekshmi, Rahul Chandran
The development of technology in computer networks has increased the percentage of cyber-attacks, and attackers are able to penetrate even the strongest IDSs and firewalls. Anti-forensics in computer networks is an emerging concept in the area of computer forensics and anti-forensics. Traditional anti-forensics, which deals with data hiding, disk wiping and data obfuscation, has prevailed for the past few years. The application of these techniques in computer networks, which hinders the network forensics process (the investigation of network crimes), is the main focus of this research, given that the tools and techniques used by network forensic investigators for examination and by hackers for breaching security are found to be the same. The research focuses on an in-depth analysis of the effects of anti-forensic techniques for the betterment of network security. With the help of anti-forensic techniques, attackers are able to avoid being traced and to destroy evidence. The main mode of operation of network forensics is to detect and prevent such attacks. Another goal of this research is the successful implementation and analysis of attack graphs, which are built from gathered evidence. This study conveys the main concepts of attack graphs and the requirements for modelling them, shows how they can be implemented, and contributes the incorporation of anti-forensic techniques into attack graphs, which helps in analyzing the diverse possibilities of attack path deviation and thus aids in recommending defense strategies to achieve better security. To the best of our knowledge, this is the first time network anti-forensics techniques have been fully discussed and attack graphs have been employed to analyze network attacks that incorporate anti-forensic techniques. The attack graph methodology is utilized in this research to identify the attack path and to deduce the ways an attack can propagate.
The experimental analyses of anti-forensic techniques using attack graphs, conducted in the proposed test-bed, helped to evaluate the proposed model and suggested preventive measures for improving the security of networks. Finally, this thesis discusses ways to deploy methodologies for the successful generation of attack paths both for normal attacks and for network attacks that incorporate anti-forensic techniques. The analysis of the attack graphs developed will help in identifying the flaws of the network and how an attack propagates. This methodology helps in taking precautionary measures in network security.
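As an added illustration of the kind of analysis the abstract describes (example code, not the thesis's own implementation or test-bed), the block below builds a small constructed attack graph in which one anti-forensic step is modelled alongside ordinary exploits, enumerates the attack paths to a goal, separates the paths that contain an anti-forensic deviation, and ranks single mitigations by how many paths each one cuts. All host, fact and exploit names are assumptions chosen for the example.

```python
# Constructed example model (assumed names, not the thesis's test-bed).
# exploit -> (preconditions, postcondition, is_anti_forensic)
MODEL = {
    "phish_user":   ({"attacker_net"}, "user@ws", False),
    "ws_privesc":   ({"user@ws"}, "root@ws", False),
    "wipe_ws_logs": ({"root@ws"}, "logs_wiped@ws", True),  # anti-forensic step
    "pivot_db":     ({"root@ws"}, "user@db", False),
    "web_rce":      ({"attacker_net"}, "user@web", False),
    "web_privesc":  ({"user@web"}, "root@web", False),
    "db_creds":     ({"root@web"}, "user@db", False),
    "db_privesc":   ({"user@db"}, "root@db", False),
}

def attack_paths(model, initial, goal):
    """All exploit sequences reaching `goal` from `initial`. After the first
    step every exploit must consume a fact gained on this path, which keeps
    unrelated branches from being interleaved into spurious paths."""
    initial = frozenset(initial)
    found = []

    def walk(facts, path):
        if goal in facts:
            found.append(tuple(path))
            return
        for name, (pre, post, _) in model.items():
            if name in path or post in facts or not pre <= facts:
                continue
            if path and pre <= initial:  # later steps need a derived fact
                continue
            walk(facts | {post}, path + [name])

    walk(initial, [])
    return found

def deviation_paths(model, paths):
    """Paths containing at least one anti-forensic step: same foothold and
    goal, but evidence an investigator would normally collect is destroyed."""
    return [p for p in paths if any(model[s][2] for s in p)]

def rank_mitigations(model, paths):
    """Rank non-anti-forensic exploits by how many paths disappear when that
    exploit is fixed; the top entry is the best single defensive measure."""
    counts = {e: sum(e in p for p in paths)
              for e, (_, _, af) in model.items() if not af}
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    paths = attack_paths(MODEL, {"attacker_net"}, "root@db")
    print(len(paths), "paths;", rank_mitigations(MODEL, paths)[0])
```

Because the log-wiping step can occur at different points on the same branch, the enumeration shows the anti-forensic deviations as distinct paths, while the ranking shows that the goal's final privilege-escalation step is the choke point shared by every path.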