Network Forensics: Web Proxy Log Analysis
Fei, Eloff, Olivier, and Venter
2006
Citation information
B. K. L. Fei, J. H. P. Eloff, M. S. Olivier, and H. S. Venter. “Network Forensics: Web Proxy Log Analysis”. In: Advances in Digital Forensics II. Ed. by M. S. Olivier and S. Shenoi. Springer, 2006, pp. 247–258Abstract
Network forensics involves capturing, recording and analysing network audit trails. A crucial part of network forensics is to gather evidence at the server level, proxy level and from other sources. A web proxy relays URL requests from clients to a server. Analysing web proxy logs can give unobtrusive insights to the browsing behavior of computer users and provide an overview of the Internet usage in an organisation. More importantly, in terms of network forensics, it can aid in detecting anomalous browsing behavior. This paper demonstrates the use of a self-organising map (SOM), a powerful data mining technique, in network forensics. In particular, it focuses on how a SOM can be used to analyse data gathered at the web proxy level.
Definitive version
The definitive version of the paper is available from the publisher.DOI: 10.1007/0-387-36891-4_20
BibTeX reference
@inproceedings(proxsom,author={Bennie K L Fei and Jan H P Eloff and Martin S Olivier and Hein S Venter},
title={Network Forensics: Web Proxy Log Analysis},
booktitle={Advances in Digital Forensics {II}},
editor={Martin S Olivier and Sujeet Shenoi},
publisher={Springer},
year={2006},
pages={247--258} )