Accession Number : ADA621776


Title :   Network Analysis with Stochastic Grammars


Descriptive Note : Doctoral thesis


Corporate Author : AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT


Personal Author(s) : Lin, Alan C


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a621776.pdf


Report Date : 17 Sep 2015


Pagination or Media Count : 124


Abstract : Digital forensics requires significant manual effort to identify items of evidentiary interest from the ever-increasing volume of data in modern computing systems. One of the tasks digital forensic examiners conduct is mentally extracting and constructing insights from unstructured sequences of events. This research assists examiners with the association and individualization analysis processes that make up this task with the development of a Stochastic Context-Free Grammars (SCFG) knowledge representation for digital forensics analysis of computer network traffic. SCFG is leveraged to provide context to the low-level data collected as evidence and to build behavior profiles. Upon discovering patterns, the analyst can begin the association or individualization process to answer criminal investigative questions. Three contributions resulted from this research. First, domain characteristics suitable for SCFG representation were identified and a step-by-step approach to adapt SCFG to novel domains was developed. Second, a novel iterative graph-based method of identifying similarities in context-free grammars was developed to compare behavior patterns represented as grammars. Finally, the SCFG capabilities were demonstrated in performing association and individualization in reducing the suspect pool and reducing the volume of evidence to examine in a computer network traffic analysis use case.


Descriptors :   *BEHAVIOR, *COMMUNICATIONS TRAFFIC, *COMPUTER NETWORKS, *DATA MINING, *FORENSIC ANALYSIS, *STOCHASTIC PROCESSES, CLASSIFICATION, CRIMINOLOGY, FEATURE EXTRACTION, GRAPHS, INFORMATION PROCESSING, INFORMATION RETRIEVAL, KNOWLEDGE BASED SYSTEMS, NETWORK ARCHITECTURE, OPERATING SYSTEMS(COMPUTERS), PATTERN RECOGNITION, PERFORMANCE(ENGINEERING), SEMANTICS, STATISTICAL INFERENCE, THESES


Subject Categories : Information Science
      Sociology and Law
      Statistics and Probability
      Computer Systems


Distribution Statement : APPROVED FOR PUBLIC RELEASE