TY - GEN
T1 - Cyber criminal activity analysis models using Markov Chain for digital forensics
AU - Kim, Do Hoon
AU - In, Hoh Peter
PY - 2008
Y1 - 2008
N2 - Recognizing links between offender patterns is one of the most crucial skills of an investigator. Early recognition of similar patterns can lead to focusing resources, improving clearance rates, and ultimately saving lives in terms of digital forensics. In this paper we propose a forensics methodology using a Markov chain during a given time interval for tracking and predicting the degree of criminal activity as it evolves over time. In other words, we describe an intrusion scenario and classify the profiling of user behavior by a prior-probability-based Markov chain. Also, we apply the Noise Page Elimination Algorithm (NPEA) to reduce the error of probability prediction. Finally, we have experimented with our model on a dataset and analyzed its accuracy by Monte Carlo simulation.
AB - Recognizing links between offender patterns is one of the most crucial skills of an investigator. Early recognition of similar patterns can lead to focusing resources, improving clearance rates, and ultimately saving lives in terms of digital forensics. In this paper we propose a forensics methodology using a Markov chain during a given time interval for tracking and predicting the degree of criminal activity as it evolves over time. In other words, we describe an intrusion scenario and classify the profiling of user behavior by a prior-probability-based Markov chain. Also, we apply the Noise Page Elimination Algorithm (NPEA) to reduce the error of probability prediction. Finally, we have experimented with our model on a dataset and analyzed its accuracy by Monte Carlo simulation.
UR - http://www.scopus.com/inward/record.url?scp=51349152715&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51349152715&partnerID=8YFLogxK
U2 - 10.1109/ISA.2008.90
DO - 10.1109/ISA.2008.90
M3 - Conference contribution
AN - SCOPUS:51349152715
SN - 9780769531267
T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
SP - 193
EP - 198
BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
T2 - 2nd International Conference on Information Security and Assurance, ISA 2008
Y2 - 24 April 2008 through 26 April 2008
ER -