2026-04-17T17:48:02.427Z http://ezaposleni.singidunum.ac.rs/rest/sciNaucniRezultati/oai

ezaposleni.singidunum.ac.rs/rest/sciNaucniRezultati/oai:1:2519 2014-06-07T20:25:49Z 1

INTEGRATED PROACTIVE FORENSICS MODEL IN NETWORK INFORMATION SECURITY 2014 http://ezaposleni.singidunum.ac.rs/rest/sciNaucniRezultati/oai/record/1/2519 www.sinteza.singidunum.ac.rs G. Grubor I. Barać In many cases, web application security cannot provide the required level of security. Proactive collection of network data from all of the network layers in real time and their forensic analysis can help to uncover information about the internal or external attacks and to prevent potential damages. The best way is to combine application and system monitoring and perform centralized traffic monitoring to correlate events. The data collected in such manner can be used to detect traffic anomalies and improve network intrusion detection. Tracing traffic at multiple levels could potentially provide more information about the intrusion features. Analysis of these centralized log data has become an important research area in proactive network security. Any attacks should be detected as soon as possible by monitoring system, to take appropriate corrective measures in timely manner. In this paper deferment types of network events and data sources are described and their integration into centralized log management infrastructure in proactive forensic architecture is researched. The authors of this paper proposed an integrated proactive digital forensic (IPDF) model for internal and external attacks and its contribution to overall network security in context of high – volume network traffic, big data and virtualized cloud computing environment. conferenceObject 693 699 10.15308/SInteZa-2014-454-457 ISBN: 978-86-7912-539-2