| 基于协议分析的网络入侵动态取证系统设计 |
| |
| 引用本文: | 杨卫平,黄烟波,段丹青,黄伟平.基于协议分析的网络入侵动态取证系统设计[J].微机发展,2006,16(4):215-217. |
| |
| 作者姓名: | 杨卫平 黄烟波 段丹青 黄伟平 |
| |
| 作者单位: | 中南大学信息科学与工程学院,中南大学信息科学与工程学院,中南大学信息科学与工程学院,中南大学信息科学与工程学院 湖南长沙410083,湖南公安高等专科学校,湖南长沙410006,湖南长沙410083,湖南长沙410083,湖南公安高等专科学校,湖南长沙410006,湖南长沙410083 |
| |
| 基金项目: | 湖南省教育厅青年项目(03B009),湖南省公安厅科研项目资助(湘公科[2003]14号) |
| |
| 摘 要: | 计算机取证技术分为静态取证和动态取证两种。静态取证技术由于采用事后分析的方法提取证据,因而证据的采集不够全面,同时恢复的数据可能是已经被篡改的数据,因而法律效力低。文中将计算机取证技术与入侵检测技术结合,提出一种基于协议分析的网络入侵动态取证系统。该系统采用基于协议分析的入侵检测方法,提高了入侵检测效率及数据分析能力,有助于解决动态取证的实时性;同时系统采取了较全面的安全机制,确保收集的电子证据的真实性、有效性、不可篡改性,是动态计算机取证的一种较好解决方案。
|
| 关 键 词: | 计算机取证 电子证据 入侵检测 证据提取 |
| 文章编号: | 1005-3751(2006)04-0215-03 |
| 修稿时间: | 2005年8月14日 |
Design of Protocol Analysis Based IDS and Dynamic Computer Forensic System |
| |
| YANG Wei-ping.Design of Protocol Analysis Based IDS and Dynamic Computer Forensic System[J].Microcomputer Development,2006,16(4):215-217. |
| |
| Authors: | YANG Wei-ping |
| |
| Affiliation: | YANG Wei-ping~ |
| |
| Abstract: | The computer forensic mainly consists of two techniques: the static forensic and dynamic forensic.The static computer forensic collects electronic evidences after the intrusion has happened,so it's difficult to collect the evidences entirely and even the recovered files may has been modified,the collected electronic evidences are not so available in law.The paper provides a dynamic computer forensic system combined computer forensic technology and intrusion detection system based on protocol analysis.The system can improve the efficiency of intrusion detection and the ability of data analysis by using the protocol analysis method.It's helpful to realize collecting electronic evidences dynamically in real-time.The system also uses several kinds of network safe mechanisms to ensure the accuracy,validity,immutability of the electronic evidences.It's a good solution of dynamic computer forensic. |
| |
| Keywords: | computer forensic electronic evidence intrusion detection evidences collection |
| 本文献已被 CNKI 等数据库收录! |
|
