Abstract

Internet network attacks are complicated and worth studying. Among them are Denial of Service (DoS) attacks, which exploit vulnerabilities found in operating systems, network services and applications. The indicator of a DoS attack is that legitimate users can no longer access the system. This paper proposes a framework for Internet-based forensic logs that aims to assist the investigation process in revealing DoS attacks. The framework in this study consists of several steps, among others: logging into a text file and a database, and identifying an attack based on the packet header length. After the identification process, the logs are grouped with the k-means clustering algorithm into three levels of attack (dangerous, rather dangerous and not dangerous) based on the port numbers and TCP flags of the packets. Based on the test results, the proposed framework grouped the logs into the three attack levels and found the attacker with a success rate of 89,02%, so it can be concluded that the proposed framework meets the goals set in this research.

Highlights

  • This research is motivated by the many attacks on the Internet

  • Digital forensics is the science dealing with the recovery and investigation of material found in digital data, often as part of a criminal investigation [2], [3], [4]; the digital data in scope comprises a computer system, storage media, electronic documents, or even a sequence of data packets transmitted across computer networks

  • If the IP address information generated by the clustering module needs to be verified, investigators can re-check it in the NFAT machine to make sure that the IP address belongs to the suspected assailant who attacked the system through the Internet

Summary

INTRODUCTION

This research is motivated by the many attacks on the Internet, such as SYN Flood, IP Spoofing, DoS (Denial of Service) attacks, UDP Flood, Ping Flood, Teardrop, Land Attack, Smurf Attack and Fraggle Attack [1]. Network forensics aims to collect, identify and analyze records of the processing and transmission of digital data in order to obtain information or facts related to the attacker [7]. A clustering technique was chosen for this study because the attacker access information is numerical in character and the volume of log information in the network is very large. The web-based application used to detect attacks on the Internet is called the NFAT machine (Network Forensic Analysis Tools); it is used in this study as a proof-of-concept implementation of the proposed framework for Internet forensics.
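The pipeline the abstract describes (log the packets, select by IP header length, k-means the selected records into three groups on port number and TCP flags), as an added example that is not the paper's NFAT code. It assumes a constructed CSV log format and uses "header length other than the option-less 20 bytes" as the selection rule; both are assumptions, since the page does not state the paper's exact rule.

```python
"""Added example, not the paper's NFAT code: select packets by IP header length
(assumed rule: anything but the option-less 20 bytes), then k-means on (port, flags)."""
import math
# Constructed sample log, not real traffic: src_ip,dst_port,tcp_flags,ip_hdr_len
SAMPLE_LOG = """\
10.0.0.5,22,0x18,20
198.51.100.9,80,0x02,60
198.51.100.9,80,0x02,60
203.0.113.4,53,0x00,44
203.0.113.4,53,0x00,44
192.0.2.77,33434,0x04,24
192.0.2.78,33434,0x04,24
"""
NORMAL_IP_HEADER_LEN = 20  # bytes; any other value implies IP options (assumption)
def parse_log(text):
    """CSV lines -> dicts; the flag byte is written in hex."""
    return [{"src": s, "port": int(p), "flags": int(f, 16), "hlen": int(h)}
            for s, p, f, h in (ln.split(",") for ln in text.strip().splitlines())]

def select_suspicious(records):
    """Identification step: an abnormal header length marks the packet."""
    return [r for r in records if r["hlen"] != NORMAL_IP_HEADER_LEN]

def features(r):
    # Scale to [0, 1] so the 16-bit port does not swamp the 8-bit flag byte.
    return (r["port"] / 65535.0, r["flags"] / 255.0)

def kmeans(points, k=3, iters=50):
    """Lloyd's k-means seeded with the first k distinct points (deterministic)."""
    centroids = list(dict.fromkeys(points))[:k]
    labels = None
    for _ in range(iters):
        new = [min(range(len(centroids)), key=lambda c: math.dist(p, centroids[c])) for p in points]
        if new == labels:  # assignments stable -> converged
            break
        labels = new
        for c in range(len(centroids)):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:  # keep the old centroid if a cluster emptied
                centroids[c] = tuple(sum(v) / len(members) for v in zip(*members))
    return labels, centroids

def attackers_by_cluster(text, k=3):
    """Source IPs per cluster; naming the levels is the investigator's call."""
    suspicious = select_suspicious(parse_log(text))
    labels, _ = kmeans([features(r) for r in suspicious], k)
    groups = {}
    for lab, r in zip(labels, suspicious):
        groups.setdefault(lab, set()).add(r["src"])
    return labels, groups
```

The labels dangerous / rather dangerous / not dangerous are attached to the three clusters by the investigator, since the page does not give a fixed port/flag rule for that mapping.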

Forensics in Network Security
Clustering techniques using k-means clustering algorithms
Dangerous
Attack Detection Using IP Header
FRAMEWORK FOR INTERNET FORENSICS
Proposed Framework for Internet Forensics
Result
Testing
Architectural Design Network
Implementation of Data Traffic Arrest
Implementation of Data Grouping
Database Implementation
THE RESULT ANALYSIS NFAT MACHINE
Scenario Testing
CONCLUSION