Log Analysis Techniques using Clustering in Network Forensics
This is an incremental improvement for network forensic investigators, helping streamline attack identification.
The paper tackles the problem of identifying internet attacks by applying K-means clustering to log files, grouping data into three attack categories to aid forensic analysis and trial processes.
Internet crimes are now increasing. In a row with many crimes using information technology, in particular those using Internet, some crimes are often carried out in the form of attacks that occur within a particular agency or institution. To be able to find and identify the types of attacks, requires a long process that requires time, human resources and utilization of information technology to solve these problems. The process of identifying attacks that happened also needs the support of both hardware and software as well. The attack happened in the Internet network can generally be stored in a log file that has a specific data format. Clustering technique is one of methods that can be used to facilitate the identification process. Having grouped the data log file using K-means clustering technique, then the data is grouped into three categories of attack, and will be continued with the forensic process that can later be known to the source and target of attacks that exist in the network. It is concluded that the framework proposed can help the investigator in the trial process.