|
|||||
|
|
| 网络协同取证计算研究 | |
| 引用本文: | 张有东,曾庆凯,王建东.网络协同取证计算研究[J].计算机学报,2010,33(3). |
| 作者姓名: | 张有东 曾庆凯 王建东 |
| 作者单位: | 1. 南京大学计算机软件新技术国家重点实验室,南京,210093;南京大学计算机科学与技术系,南京,210093;淮阴工学院计算机工程系,江苏,淮安,223003 2. 南京大学计算机软件新技术国家重点实验室,南京,210093;南京大学计算机科学与技术系,南京,210093 3. 南京航空航天大学信息科学与技术学院,南京,210016 |
| 基金项目: | 国家自然科学基金(60773170,60721002,90818022);;国家“八六三”高技术研究发展计划项目基金(2006AA01Z432);;高等学校博士学科点专项科研基金(200802840002);;江苏省高校自然科学研究项目(06KJD520019)资助~~ |
| 摘 要: | 网络取证面临着复杂多样的网络入侵环境,尤其是对于复合攻击的取证,为此提出了网络协同取证计算新概念.通过对传统的函数依赖关系理论的扩展,提出了以一定概率相依赖的概率函数依赖关系及其分析方法与算法,进而结合贝叶斯网络理论、报警关联分析技术和对K2算法的改进,提出了一种网络协同取证分析算法,算法通过对元报警事件的聚类和综合不同的网络取证数据源,能够直观地再现复杂网络攻击的犯罪场景,有效地实现网络取证分析;而且即使在部分数据缺失情况下,算法也可推理攻击的发生过程. |
| 关 键 词: | 协同取证 复合攻击 概率函数依赖 贝叶斯网络 犯罪场景 |
Studies of Network Coordinative Forensics Computing |
|
| ZHANG You-Dong,ZENG Qing-Kai,WANG Jian-Dong.Studies of Network Coordinative Forensics Computing[J].Chinese Journal of Computers,2010,33(3). | |
| Authors: | ZHANG You-Dong ZENG Qing-Kai WANG Jian-Dong |
| Affiliation: | State Key Laboratory for Novel Software Technology/a>;Nanjing University/a>;Nanjing 210093;Department of Computer Science and Technology/a>;Nanjing 210093;Department of Computer Engineering/a>;Huaiyin Institute of Technology/a>;Huaian/a>;Jiangsu 223003;Institute of Information Science and Technology/a>;Nanjing University of Aeronautics and Astronautics/a>;Nanjing 210016 |
| Abstract: | The network forensic is faced with the question of the complex network intrusion analysis especially to forensic to the multi-step attack.So a new concept of coordinative forensics computing is defined.Through to extend the theory of function dependency,a new analysis method and algorithms called probability function dependency relations,which the dependency is in a probability,are proposed.Combined this method with the Bayesian network,alert correlation technology and the algorithm of K2 that is improved,t... |
| Keywords: | coordinative forensics multi-step attack probability function dependency Bayesian network crime scenario |
| 本文献已被 CNKI 万方数据 等数据库收录! | |