Title: Automatic Web-log Filtering mechanism for web attack digital forensic
Speaker: 賴郡緯, National Taipei University
Date: 2015/10/23
Length: 00:19:40
Views: 495
Abstract
Session P1: Cybercrime and Digital Forensics

Paper authors: Chinyang Henry Tseng, Chun-Wei Lai, Tong-Ying Juang

As web attacks occur much more often, the demand for digital forensics increases significantly. However, most digital forensic tasks against web attacks are still handled manually, so the process is very inefficient and error-prone, especially when the web server logs involved in the attack become very large. To investigate the criminal evidence in the web logs relating to a web attack efficiently, an automatic mechanism for processing these web logs is highly desirable. In this paper, we present an Automatic Web-log Filtering mechanism for web attack digital forensic. This mechanism can filter out the most valuable web logs as evidence of the web attack and indicate the highly suspicious web events and users related to the attack. The mechanism consists of four components: Web Attack Detection, Scanning Behavior Detection, Web-shell Detection, and User Rating. These components can automatically depict the web attack events and the corresponding users from the web logs based on the scores given by each component. To evaluate this mechanism, an experiment is conducted against a web attack event at the Nokia Taiwan web site. Based on the scores of the web logs, the experimental results successfully demonstrate the web attack traces, which exactly match the manual security report from the security expert. Therefore, the proposed mechanism can automatically generate the most valuable evidence from the web logs and help crime investigators depict web attack traces efficiently.
Provided by: TANET Taiwan Internet Conference (TANET2015)