Event correlation in cloud: a forensic perspective
Forensic investigation in cloud computing systems faces various legal, technical and organizational challenges. In this work, we focus on the technical issues of cloud forensics, specifically event correlation—a technique used to expose the relation between two or more cloud events. Event correlatio...
Published in: | Computing 2016-11, Vol.98 (11), p.1203-1224 |
---|---|
Main Authors: | Kumar Raju, B. K. S. P.; Geethakumari, G. |
Format: | Article |
Language: | English |
cited_by | cdi_FETCH-LOGICAL-c349t-28de15bf02937c91d04f1c5a75efd86227c63e7b4ae2a64590e0eb9897225c733 |
---|---|
cites | cdi_FETCH-LOGICAL-c349t-28de15bf02937c91d04f1c5a75efd86227c63e7b4ae2a64590e0eb9897225c733 |
container_end_page | 1224 |
container_issue | 11 |
container_start_page | 1203 |
container_title | Computing |
container_volume | 98 |
creator | Kumar Raju, B. K. S. P. Geethakumari, G. |
description | Forensic investigation in cloud computing systems faces various legal, technical and organizational challenges. In this work, we focus on the technical issues of cloud forensics, specifically event correlation—a technique used to expose the relation between two or more cloud events. Event correlation in the cloud is still at a relatively early stage. We categorize cloud event correlation into two stages. In the first stage, we consider the events from the perspective of a single artifact and perform correlation (homogeneous correlation). In the second stage, we collect the events from multiple artifacts and then perform correlation (heterogeneous correlation). The proposed approach helps automate the detection of incidents from cloud evidence and also speeds up the event interpretation process by the investigator. |
doi_str_mv | 10.1007/s00607-016-0500-2 |
format | article |
publisher | Vienna: Springer Vienna |
rights | Springer-Verlag Wien 2016 |
fulltext | fulltext |
identifier | ISSN: 0010-485X |
ispartof | Computing, 2016-11, Vol.98 (11), p.1203-1224 |
issn | 0010-485X 1436-5057 |
language | eng |
recordid | cdi_proquest_miscellaneous_1855380672 |
source | ABI/INFORM global; Springer Link; BSC - Ebsco (Business Source Ultimate) |
subjects | Analysis Artificial Intelligence Cloud computing Clouds Computation Computer Appl. in Administrative Data Processing Computer Communication Networks Computer Science Correlation Exposure Forensic computing Forensic engineering Forensic sciences Information Systems Applications (incl.Internet) Investigations Privacy Security management Software Engineering Studies |
title | Event correlation in cloud: a forensic perspective |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-01T07%3A09%3A33IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Event%20correlation%20in%20cloud:%20a%20forensic%20perspective&rft.jtitle=Computing&rft.au=Kumar%20Raju,%20B.%20K.%20S.%20P.&rft.date=2016-11-01&rft.volume=98&rft.issue=11&rft.spage=1203&rft.epage=1224&rft.pages=1203-1224&rft.issn=0010-485X&rft.eissn=1436-5057&rft_id=info:doi/10.1007/s00607-016-0500-2&rft_dat=%3Cproquest_cross%3E4218125611%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c349t-28de15bf02937c91d04f1c5a75efd86227c63e7b4ae2a64590e0eb9897225c733%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1829753163&rft_id=info:pmid/&rfr_iscdi=true |