Abstract
The number of cyber attacks increases daily, which requires organizations to respond quickly and adequately to security incidents. Digital forensics plays an essential role in this response. In the digital investigation process, relevant digital evidence must be identified and separated from irrelevant data. In this paper, we describe the construction of ordinary and fuzzy formal contexts from digital evidence collected from event logs and the file system (New Technology File System, NTFS). We generated four concept lattices for various subsets of attributes concerning timestamps, file types, or event logs. The association rules and their connection to Formal Concept Analysis are explored, and several algorithms, including GUHA methods, are applied to our data. We compare, evaluate and interpret the various methods for association rule mining. Moreover, we describe the state of the art of fuzzy attribute implications in Formal Concept Analysis and provide an interpretation of the implications over our epoch-time attributes. Our solution produces warnings that prompt the security analyst to manually check and inspect the suspicious records in the data. Hence, the analyst can quickly find the records relevant to the case and perform further analysis.
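As an added illustration (not code from the paper), the following builds a small ordinary (crisp) formal context over constructed forensic artifacts, derives all formal concepts of the lattice, and checks attribute implications of the kind described above. The objects, attribute names (time windows T1/T2, file types, record source, correlated event-log entry) and their values are assumptions chosen for the example.

```python
from itertools import chain

# Constructed sample (not the paper's data): forensic artifacts as objects and
# binary attributes. T1/T2 = epoch-time window the timestamp falls in,
# ntfs/eventlog = source of the record, evt = a correlated event-log entry exists.
CONTEXT = {
    "svchost.exe":  {"ntfs", "exe", "T1", "evt"},
    "payload.dll":  {"ntfs", "dll", "T2", "evt"},
    "report.docx":  {"ntfs", "doc", "T1"},
    "4624-logon":   {"eventlog", "T1", "evt"},
    "7045-service": {"eventlog", "T2", "evt"},
}
ATTRS = frozenset(chain.from_iterable(CONTEXT.values()))

def extent(attrs):
    """Derivation B': objects carrying every attribute in attrs."""
    return frozenset(o for o, a in CONTEXT.items() if set(attrs) <= a)

def intent(objs):
    """Derivation A': attributes shared by all objects in objs (all attributes for the empty set)."""
    return ATTRS if not objs else frozenset.intersection(*(frozenset(CONTEXT[o]) for o in objs))

def closure(attrs):
    """B'' : the smallest intent containing attrs."""
    return intent(extent(attrs))

def concepts():
    """All formal concepts (extent, intent): every intent is an intersection of object intents."""
    intents = {ATTRS}
    for obj_attrs in CONTEXT.values():
        i = frozenset(obj_attrs)
        intents |= {i & j for j in intents} | {i}
    return sorted(((extent(i), i) for i in intents), key=lambda c: (len(c[1]), sorted(c[1])))

def holds(premise, conclusion):
    """Attribute implication premise -> conclusion holds iff conclusion lies in closure(premise)."""
    return frozenset(conclusion) <= closure(premise)

def support(premise):
    """Number of artifacts the premise applies to (how many records the analyst must inspect)."""
    return len(extent(premise))

if __name__ == "__main__":
    for ext, inn in concepts():
        print(sorted(inn), "->", sorted(ext))
    print("eventlog => evt:", holds({"eventlog"}, {"evt"}), "support", support({"eventlog"}))
    print("T1 => evt:", holds({"T1"}, {"evt"}))  # fails: report.docx has T1 but no event
```

A failing implication such as T1 => evt points the analyst at exactly the objects in extent(premise) that lack the conclusion, which is the kind of warning the paper's approach raises for manual inspection.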