Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics
Cite this article: LIU Xue-Hu, DING Li-Ping, ZHENG Tao, WU Jing-Zheng, LI Yan-Feng. Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics[J]. Journal of Software (软件学报), 2021, 32(1): 194-217.
Authors: LIU Xue-Hu  DING Li-Ping  ZHENG Tao  WU Jing-Zheng  LI Yan-Feng
Affiliations: Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China; Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; Digital Forensics Lab, Institute of Software Application Technology, Guangzhou & Chinese Academy of Sciences, Guangzhou 511458, China; Guangdong Chinese Academy of Sciences & Realdata Science and Technology Company Limited, Guangzhou 511458, China; China United Vsens Communications Corporation Limited, Beijing 100005, China; Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Funding: Guangzhou Science and Technology Plan Project (201802020015); Yangcheng Innovation and Entrepreneurship Leading Talent Support Program (Leading Talent 2016008)
Abstract (Chinese version, truncated on the page): Locating the source of a cyber attack event and then effectively collecting electronic evidence is one of the tasks of network forensics. Locating the source of a cyber attack event requires cyber attack traceback techniques. However, existing research on cyber attack traceback is carried out mainly from a defensive standpoint, with the primary goal of locating the attack source and promptly blocking the attack, and seldom considers the requirements of network forensics; as a result, the large amount of valuable ...

Keywords: cyber attack traceback  network forensics  admissibility of digital evidence  probative force of digital evidence  forensic process model  IP traceback
Received: 2020/1/14
Revised: 2020/6/4

Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics
LIU Xue-Hu,DING Li-Ping,ZHENG Tao,WU Jing-Zheng,LI Yan-Feng.Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics[J].Journal of Software,2021,32(1):194-217.
Authors:LIU Xue-Hu  DING Li-Ping  ZHENG Tao  WU Jing-Zheng  LI Yan-Feng
Affiliation: Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China; Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; Digital Forensics Lab, Institute of Software Application Technology, Guangzhou & Chinese Academy of Sciences, Guangzhou 511458, China; Guangdong Chinese Academy of Sciences & Realdata Science and Technology Company Limited, Guangzhou 511458, China; China United Vsens Communications Corporation Limited, Beijing 100005, China; Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Abstract: Locating the source of a cyber attack and then collecting electronic evidence is one of the tasks of network forensics, so cyber attack traceback techniques are used to locate the attack source. However, current research on cyber attack traceback is conducted mainly from a defensive perspective, aiming to block the attack as soon as possible by locating its source, and rarely considers the acquisition of digital evidence. As a result, the large amount of valuable electronic evidence generated during cyber attack traceback cannot be used in prosecutions, and its value for network forensics cannot be fully exploited. This paper therefore proposes a set of forensic capability metrics for assessing the forensic capabilities of cyber attack traceback techniques. The latest cyber attack traceback technologies, including traceback based on software-defined networking (SDN), are summarized and analyzed; their forensic capabilities are evaluated and suggestions for improvement are given. A forensic process model specific to cyber attack traceback is proposed, providing a reference for research on cyber attack traceback technology aimed at network forensics.
Keywords:cyber attack source traceback  network forensics  the admissibility of digital evidence  the probative force of digital evidence  forensic process model  IP traceback