Detecting the Evidence of Disruption of Web Services Using the Entropy Algorithm and Bayesian Network
This research is motivated by the increasing spread of disruptions to web services, known as "denial of service", and by the need for police investigation of such crimes. Under paragraph 9 of the Iranian Cyber Crime Act, any measure that disrupts or interrupts the operation of computer and telecommunication systems is an instance of cybercrime, and judicial remedies require that the evidence be documented and analyzed so that the offense can be substantiated before the competent judicial authority. The purpose of the research is to identify optimal methods for collecting, analyzing and examining evidence, and ultimately for discovering evidence of crimes that disrupt web activity (denial-of-service attacks).
Through a review of library documents and of other researchers' studies, this work attempts to identify the methods in use and to propose an optimal one. To that end, after generating artificial traffic against a website in a laboratory environment, different classification methods from the field of machine learning were evaluated. Ultimately, based on the quality and accuracy of the various algorithms, the combination of the Bayesian and entropy algorithms was selected.
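The abstract names entropy and a Bayesian model as the selected combination but does not show how they fit together. The following is an added illustration, not code from the paper: it computes the Shannon entropy of the client-address and requested-path distributions over a window of web-server log lines (a flood from few sources collapses source entropy towards zero), bins those features, and feeds them to a naive Bayes classifier. The naive Bayes classifier, the bin thresholds, the tiny labelled training set and the log lines are all constructed assumptions for this example; the paper's own Bayesian network and feature set are not specified on the page.

```python
"""Entropy features plus a naive Bayes classifier over windows of access-log lines.

Added example; not the paper's implementation. All log lines, thresholds and
training labels below are constructed for illustration.
"""
import math
from collections import Counter

# Constructed sample log lines (not real traffic): "client_ip path status".
# A normal window: many distinct clients, a spread of paths.
NORMAL_WINDOW = [
    "10.0.0.1 /index.html 200",
    "10.0.0.2 /about.html 200",
    "10.0.0.3 /index.html 200",
    "10.0.0.4 /contact.html 200",
    "10.0.0.5 /products.html 200",
    "10.0.0.6 /index.html 200",
    "10.0.0.7 /faq.html 200",
    "10.0.0.8 /about.html 200",
]
# A flood window: two clients hammering one path while the server returns 503.
FLOOD_WINDOW = ["192.0.2.9 /index.html 503"] * 6 + ["192.0.2.10 /index.html 503"] * 2


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def window_features(lines):
    """Entropy of client addresses and of requested paths for one log window."""
    fields = [line.split() for line in lines]
    return {
        "src_entropy": shannon_entropy([f[0] for f in fields]),
        "path_entropy": shannon_entropy([f[1] for f in fields]),
    }


def discretize(features):
    """Bin the continuous features; the 1.5 / 1.0 bit thresholds are assumptions."""
    return (
        "low" if features["src_entropy"] < 1.5 else "high",
        "low" if features["path_entropy"] < 1.0 else "high",
    )


# Constructed labelled windows: (binned features, label).
TRAINING = [
    (("high", "high"), "normal"),
    (("high", "high"), "normal"),
    (("high", "low"), "normal"),
    (("low", "low"), "dos"),
    (("low", "low"), "dos"),
    (("low", "high"), "dos"),
]


class NaiveBayes:
    """Categorical naive Bayes with Laplace (add-one) smoothing."""

    def __init__(self, samples):
        self.total = len(samples)
        self.labels = Counter(label for _, label in samples)
        n_feat = len(samples[0][0])
        self.values = [set() for _ in range(n_feat)]
        self.counts = {lab: [Counter() for _ in range(n_feat)] for lab in self.labels}
        for feats, label in samples:
            for i, v in enumerate(feats):
                self.counts[label][i][v] += 1
                self.values[i].add(v)

    def posterior(self, feats):
        """P(label | feats) for every label, computed in log space then normalised."""
        logp = {}
        for label, n_label in self.labels.items():
            score = math.log(n_label / self.total)  # prior
            for i, v in enumerate(feats):
                c = self.counts[label][i][v]
                score += math.log((c + 1) / (n_label + len(self.values[i])))
            logp[label] = score
        m = max(logp.values())
        z = sum(math.exp(s - m) for s in logp.values())
        return {label: math.exp(s - m) / z for label, s in logp.items()}


MODEL = NaiveBayes(TRAINING)


def classify_window(lines):
    """Return the most probable label ("normal" or "dos") for a log window."""
    post = MODEL.posterior(discretize(window_features(lines)))
    return max(post, key=post.get)


if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("flood", FLOOD_WINDOW)):
        print(name, window_features(window), classify_window(window))
```

In an evidentiary setting the per-window feature values and the posterior, not just the final label, are what get preserved alongside the raw log lines, since the label alone cannot be re-derived or challenged without them.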
Findings and
In this research, the proposed model was evaluated on the standard EPA-HTTP dataset; its implementation and results were compared with other methods, which indicates better performance.