Abstract

We present a post-mortem log analysis method based on Temporal Logic (TL), Event Processing Language (EPL), and reconstruction approach. After showing that the proposed method could be adapted to any misuse event or attack, we specifically investigate the case of web server misuses. To this end, we examine 5 different misuses on Wordpress web servers, and generate corresponding log files of these attacks for forensic analysis. Then we establish attack patterns and formalize them by means of a special case of temporal logic, i.e. many sorted first order metric temporal logic (MSFOMTL). Later on, we implement these attack patterns in the EPL, and performed experimental log analysis by using a time window mechanism sliding on sorted log records to evaluate effectiveness and efficacy of our proposed method. We found that our approach is potentially capable of providing a platform where investigators can define/store/share misuse patterns using a common language while providing fast and accurate forensic analysis on large log files.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Modeling compliance specifications in linear temporal logic, event processing language and property specification patterns: a controlled experiment on understandability
Christoph Czepa ... Amirali Amiri
Software and Systems Modeling | VOL. 18
Christoph Czepa, et. al.Christoph Czepa ... Amirali Amiri
22 Feb 2019
On the Understandability of Temporal Properties Formalized in Linear Temporal Logic, Property Specification Patterns and Event Processing Language
Christoph Czepa ... Uwe Zdun
IEEE Transactions on Software Engineering | VOL. 46
Christoph Czepa, et. al.Christoph Czepa ... Uwe Zdun
01 Jan 2020
Development and Evaluation of a Dataset Generator Tool for Generating Synthetic Log Files Containing Computer Attack Signatures
Stephen O’Shaughnessy ... Geraldine Gray
International Journal of Ambient Computing and Intelligence | VOL. 3
Stephen O’Shaughnessy, et. al.Stephen O’Shaughnessy ... Geraldine Gray
01 Apr 2011
Context-Aware Dynamic Event Processing Using Event Pattern Templates
Pablo Rosales TEJADA ... Jae-Yoon JUNG
IEICE Transactions on Information and Systems | VOL. E96.D
Pablo Rosales TEJADA, et. al.Pablo Rosales TEJADA ... Jae-Yoon JUNG
01 Jan 2013
View more papers

More From: Journal of Digital Forensics, Security and Law

Paper Title
Journal
Date
Author
AN ML BASED DIGITAL FORENSICS SOFTWARE FOR TRIAGE ANALYSIS THROUGH FACE RECOGNITION
Gaurav Gogia ... Parag H Rughani
Journal of Digital Forensics, Security and Law | VOL. 17
Gaurav Gogia, et. al.Gaurav Gogia ... Parag H Rughani
01 Jul 2023
An Analysis of Product Liability for AI Entities with special reference to the Consumer Protection Act, 2019
Dr Priya Roy ... Rituraj Bhowal
Journal of Digital Forensics, Security and Law | VOL. 17
Dr Priya Roy, et. al.Dr Priya Roy ... Rituraj Bhowal
27 Oct 2022
A Study of the Data Remaining on Second-Hand Mobile Devices in the UK
Olga Angelopoulou ... Andy Jones
Journal of Digital Forensics, Security and Law | VOL. 17
Olga Angelopoulou, et. al.Olga Angelopoulou ... Andy Jones
27 Oct 2022
An Evaluation Framework For Digital Image Forensics Tools
Zainab Khalid ... Sana Qadir
Journal of Digital Forensics, Security and Law | VOL. 17
Zainab Khalid, et. al.Zainab Khalid ... Sana Qadir
27 Oct 2022
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.