Network Forensics: Web Proxy Log Analysis

Fei, Eloff, Olivier, and Venter


Citation information

B. K. L. Fei, J. H. P. Eloff, M. S. Olivier, and H. S. Venter. Network forensics: Web proxy log analysis. In M. S. Olivier and S. Shenoi, editors, Advances in Digital Forensics II, pages 247–258. Springer, 2006b


Network forensics involves capturing, recording and analysing network audit trails. A crucial part of network forensics is to gather evidence at the server level, proxy level and from other sources. A web proxy relays URL requests from clients to a server. Analysing web proxy logs can give unobtrusive insights to the browsing behavior of computer users and provide an overview of the Internet usage in an organisation. More importantly, in terms of network forensics, it can aid in detecting anomalous browsing behavior. This paper demonstrates the use of a self-organising map (SOM), a powerful data mining technique, in network forensics. In particular, it focuses on how a SOM can be used to analyse data gathered at the web proxy level.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/0-387-36891-4_20

BibTeX reference

AUTHOR={Bennie K L Fei and Jan H P Eloff and Martin S Olivier and Hein S Venter},
TITLE={Network Forensics: Web Proxy Log Analysis},
BOOKTITLE={Advances in Digital Forensics {II}},
EDITOR={Martin S Olivier and Sujeet Shenoi},
PAGES={247--258} )

[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: January 16, 2018

Beta version of new bibliography database; please report errors (or copyright violations) that may have slipped in.