Disclaimer
This paper is not subject to copyright in the United States. Commercial products are
identified in order to adequately specify certain procedures. In no case does such
identification imply recommendation or endorsement by the National Institute of
Standards and Technology, nor does it imply that the identified products are
necessarily the best available for the purpose.