基于攻击特征的自动证据筛选技术

为了自动获得入侵证据,提出一种基于攻击特征的自动证据筛选方法.其原理是首先根据被调查攻击的特征重构出攻击行为细节,并从中抽取筛选证据需要的“特征信息”.然后,再根据候选数据与这些特征信息的匹配程度筛选出该攻击相关的证据.基于DARPA 2000的实验表明这种方法具有很高的准确率,其完备性更是接近100%.而与现有方法的比较则显示出这种方法能克服现有方法人工干预较多、效率低下、仅能筛选特定证据类型、不适合处理复杂攻击等诸多缺陷.

Filtering Intrusion Forensic Data Based on Attack Signatures

Computer forensics is a new field on computer evidences process.This field is very important and practical,so it has drawn more and more attention in recent years.Intrusion forensics is a specific area of computer forensics,and has been applied to computer intrusion activities.It is a hot area because a large proportion of the computer crimes are intrusion activities.When investigating intrusion activities,one key step is obtaining intrusion evidences.In order to get this kind of evidences automatically,an ...