112 A Model for NFAA-Network Forensics Attack Analysis
Published: 2011
With the increasing number of digital crimes nowadays, network forensics plays an important role in the evidence analysis process. In most situations, organizations have to spend more resources on analyzing attacks on their systems than on detection and prevention solutions. In general, performing investigation processes to measure the results of an attack is more difficult and costly. Considering this situation, this paper attempts to propose a process model for attack analysis in network forensics using a data mining approach. The model will direct analysis process efforts and measure the success of an investigation by classifying attacks based on intention. The process to define a similarity attack strategy will be designed, and a similarity algorithm to define attacker identity will be proposed. Lastly, an adequate incident path of attack will be determined. We believe the proposed model can be used as a basis for observing and enhancing the investigation process through decision-making activities to apprehend the real perpetrator.