| 基于事件关联的电子取证实时入侵重构 |
| |
| 引用本文: | 张基温,朱剑.基于事件关联的电子取证实时入侵重构[J].计算机工程与设计,2006,27(22):4325-4327. |
| |
| 作者姓名: | 张基温 朱剑 |
| |
| 作者单位: | 江南大学,信息工程学院,江苏,无锡,214122 |
| |
| 摘 要: | 针对目前电子取证入侵重构多用事后分析的方式导致分析信息不完整的问题,定义入侵事件的形式化描述和黑客攻击场景的表示,将事件关联方法引入电子取证入侵重构分析中,建立了事件关联的动态实时电子取证入侵重构系统,该系统预先了因果关联表,找出事件问的因果关联度,并消除它们的冗余关系,来获得入侵过程图。最后,通过一个实例来说明通过关联部分攻击片断来构建一个完整的攻击场景的过程。
|
| 关 键 词: | 电子取证 入侵事件 攻击场景 事件关联 入侵重构 实时系统 |
| 文章编号: | 1000-7024(2006)22-4325-03 |
| 收稿时间: | 2005-10-20 |
| 修稿时间: | 2005-10-20 |
Real-time intrusion reconstruction system of computer forensics based on event correlation |
| |
| ZHANG Ji-wen,ZHU Jian.Real-time intrusion reconstruction system of computer forensics based on event correlation[J].Computer Engineering and Design,2006,27(22):4325-4327. |
| |
| Authors: | ZHANG Ji-wen ZHU Jian |
| |
| Affiliation: | School of Information Engineering, Southem Yangtze University, Wuxi 214122, China |
| |
| Abstract: | Aimed at the problem of which the information of intrusion obtained after the event is not integrated in the analysis on intrusion reconstruction of computer forensics,intrusion event and scene of intrusion is defined normally,and the method "event correlation" is introduced to intrusion reconstruction of computer forensics.The real-time intrusion reconstruction system is built based on event corre-lation.This system predefined a table of causality between intrusion events and got the degree of event correlation frme the table,and eliminated the redundancy between events.Thusthe diagram of intrusion reconstruction is obtained in the system.In theend,aninstance is given in which building an intact scene of intrusion with the method of correlation of segmental intrusion act. |
| |
| Keywords: | computer forensics intrusion event intrusion scene intrusion reconstruction event correlation real-time system |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
