Similar literature
 Found 20 similar documents; search took 218 ms
1.
《微型机与应用》2019,(8):33-37
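The investigation and forensics of network intrusion cases are complex, involving knowledge of website architecture, log analysis, malicious code analysis and more. When handling such cases, adopting suitable investigation and analysis methods can raise the case-solving rate and investigative efficiency. The paper summarizes and proposes an investigative approach and analysis methods for network intrusion cases, combining traditional intrusion-lead investigation with reverse analysis of Trojans. Using a real-world case, it analyzes the website's source code files and the web server log files, successfully locates the Trojan program the intruder planted in the website source files, and uses reverse analysis to determine the Trojan's functionality. The work can serve as a reference for investigation and forensics in such cases.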

2.
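To raise the level of electronic evidence examination and forensics and to combat website intrusion cases effectively, the author studied common website intrusion methods in a simulated network environment and also analyzed website intrusion cases investigated over the past two years. The article explains that on-scene examination of electronic evidence in website intrusion cases needs to focus on logs and files such as server logs, website logs, Trojan files, and special files in special directories, and needs to extract and preserve IP addresses, user names, computer names, virtual identities, ...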

3.
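Based on an analysis of network intrusion forensics and multi-agent technology, this paper proposes a model of a multi-agent-based network intrusion forensics system and describes in detail the process and methods of intrusion detection and forensics. By combining intrusion detection with computer forensics technology, the system can collect reliable evidence in real time when an intrusion occurs and complete the detection and forensic analysis of the intrusion event, making up for the shortcomings of intrusion detection systems and effectively stopping hacker attacks.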

4.
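Based on an analysis of network intrusion forensics and multi-agent technology, this paper proposes a model of a multi-agent-based network intrusion forensics system and describes in detail the process and methods of intrusion detection and forensics. By combining intrusion detection with computer forensics technology, the system can collect reliable evidence in real time when an intrusion occurs and complete the detection and forensic analysis of the intrusion event, making up for the shortcomings of intrusion detection systems and effectively stopping hacker attacks.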

5.
关鹏  顾晓东  张立明 《计算机工程》2007,33(19):207-209,
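Existing network forensics systems assume that the system remains in a reliable working state when an intrusion occurs, and do not consider the effect of changes in system state on forensics. This paper proposes INFS, a network forensics system with intrusion tolerance capability. It analyzes the prototype system's intrusion tolerance mechanism, SMP-based forensics control mechanism and secure transmission mechanism, as well as the working principles of the forensics agent and the attack traceback agent, discusses forensic analysis methods corresponding to different system states, and proposes a collaborative forensics technique.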

6.
Design of a Network Forensics System Based on Intrusion Tolerance   Cited by: 2 (self-citations: 0, citations by others: 2)
张有东  江波  王建东 《计算机工程》2007,33(19):161-163
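Existing network forensics systems assume that the system remains in a reliable working state when an intrusion occurs, and do not consider the effect of changes in system state on forensics. This paper proposes INFS, a network forensics system with intrusion tolerance capability. It analyzes the prototype system's intrusion tolerance mechanism, SMP-based forensics control mechanism and secure transmission mechanism, as well as the working principles of the forensics agent and the attack traceback agent, discusses forensic analysis methods corresponding to different system states, and proposes a collaborative forensics technique.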

7.
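A Dynamic Forensics Model for Intrusion Detection   Cited by: 4 (self-citations: 0, citations by others: 4)
The article analyzes the development of computer forensics and points out that dynamic forensics is its inevitable trend. After demonstrating the feasibility of using an intrusion detection system for dynamic forensics, it presents a dynamic forensics system model and describes it in detail. The model organically combines intrusion detection systems with forensic analysis techniques, and its proposal offers some guidance for the dynamic forensics of computer crime.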

8.
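Design of an Intrusion Detection Forensics System Model   Cited by: 5 (self-citations: 2, citations by others: 5)
With the development of network technology, hacker attacks are becoming more and more common. Computer forensics is currently a popular dynamic security technology; it takes a proactive approach, collecting evidence of intrusion and identifying the source of the hacker, so as to guard effectively against hacker intrusion. This paper proposes an intrusion detection forensics system model that combines intrusion detection with computer forensics technology. When an intrusion occurs it can collect reliable evidence in real time and complete the detection and forensic analysis of the intrusion event, making up for the shortcomings of intrusion detection and effectively stopping hacker attacks. The article describes in detail the process and methods of intrusion detection forensics and discusses the problems that remain in the system.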

9.
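Network forensics is currently a popular dynamic security technology. It takes a proactive approach, collecting evidence of crime and identifying the source of an intrusion, so as to guard effectively against network intrusions. Based on an analysis of the basic principles of network forensics and the characteristics of honeypot technology, this paper applies honeypots to network forensics, proposes a honeypot-based network forensics system, and gives the system model and network topology; it also analyzes each module and gives implementation methods. Working in coordination with the honeypots, the system can collect intrusion evidence in a real-time, accurate and comprehensive manner and reconstruct the intrusion process.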

10.
周建华 《现代计算机》2007,(6):81-83,99
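Log files are an important basis for computer forensics. The paper analyzes the shortcomings of existing log forensics techniques and proposes a computer forensics model based on log correlation analysis, which extracts evidence of criminal intrusions through correlation analysis of the features and sequences of criminal intrusion events.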

11.
Many software engineering applications require points-to analysis. These client applications range from optimizing compilers to integrated program development environments (IDEs) and from testing environments to reverse-engineering tools. Moreover, software engineering applications used in an edit-compile cycle need points-to analysis to be fast and precise. In this article, we present a new context- and flow-sensitive approach to points-to analysis where calling contexts are distinguished by the points-to sets analyzed for their call target expressions. Compared to other well-known context-sensitive techniques it is faster in practice, on average, twice as fast as the call string approach and by an order of magnitude faster than the object-sensitive technique. In fact, it shows to be only marginally slower than a context-insensitive baseline analysis. At the same time, it provides higher precision than the call string technique and is similar in precision to the object-sensitive technique. We confirm these statements with experiments using a number of abstract precision metrics and a concrete client application: escape analysis.

12.
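Source code analysis is a very important means of analyzing software security defects. The paper analyzes the technical approaches and development history of software source code analysis tools, and concludes with an analysis and summary of the theory and practice of source code analysis.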

13.
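Alias analysis is very important for data-flow analysis, program optimization and the implementation of analysis tools. The article proposes a demand-driven, flow-insensitive analysis algorithm to solve the pointer alias problem. By constructing a program expression graph (PEG), the pointer alias problem is transformed into the problem of deciding whether two pointer nodes are connected. Unlike traditional alias analysis methods, it does not need to construct alias sets and compute their intersection, so it improves the efficiency of pointer alias analysis.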

14.
《Ergonomics》2012,55(11):1787-1800
Abstract

The role of cognitively oriented tasks in the workplace continues to increase as automation of physical task components advances. Difficulties in automating the operator's cognitive processes have placed a renewed emphasis on the human component in advanced manufacturing systems. While traditional task analysis techniques have made significant contributions to improving productivity when important task elements are visually observable, their focus on manual task procedures makes them less effective for cognitively oriented activities. This research has made a first attempt at integrating techniques from several disciplines to develop a cognitive task analysis methodology. The utility of this combined approach is examined for a new system being tested in the United States Postal Service. This task requires operators to encode, via a keyboard, addresses presented on a video display terminal. Results support the hypothesis that, for cognitively oriented tasks, a consensus based analysis technique (the Position Analysis Questionnaire) can be significantly improved by including data from task analysis provided the methodology is suitable for identifying non-physical task components.

15.
M. H. Williams 《Software》1982,12(5):487-491
The researcher who knows little about computers but wants to conduct a survey and analyse the results by computer can land himself in some difficulty if he does not appreciate some of the problems of computerization. This paper describes a system which is designed to aid such a person by providing assistance with the design of the questionnaire, the capturing of the data and the final analyses.

16.
The size of today’s programs continues to grow, as does the number of bugs they contain. Testing alone is rarely able to flush out all bugs, and many lurk in difficult-to-test corner cases. An important alternative is static analysis, in which correctness properties of a program are checked without running it. While it cannot catch all errors, static analysis can catch many subtle problems that testing would miss. We propose a new space of abstractions for pointer analysis—an important component of static analysis for C and similar languages. We identify two main components of any abstraction—how to model statement order and how to model conditionals, then present a new model of programs that enables us to explore different abstractions in this space. Our assign-fetch graph represents reads and writes to memory instead of traditional points-to relations and leads to concise function summaries that can be used in any context. Its flexibility supports many new analysis techniques with different trade-offs between precision and speed. We present the details of our abstraction space, explain where existing algorithms fit, describe a variety of new analysis algorithms based on our assign-fetch graphs, and finally present experimental results that show our flow-aware abstraction for statement ordering both runs faster and produces more precise results than traditional flow-insensitive analysis.

17.
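Forty-two indicators for 15 sub-provincial cities were selected, including share of primary industry, population density, per-capita green space, garden area, number of hospitals, municipal construction area, and local fiscal tax revenue. Using SPSS as the computing tool, factor analysis was used to simplify the evaluation indicators: the correlation coefficient matrix was computed, the feasibility of factor analysis was assessed, factor loadings were obtained by principal component analysis, the factors were rotated to obtain factor interpretations with more practical meaning, and factor scores were computed. The results were used to compute Mi...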

18.
A New Method for Global Data-Flow Analysis   Cited by: 1 (self-citations: 0, citations by others: 1)

19.
Cost analysis statically approximates the cost of programs in terms of their input data size. This paper presents, to the best of our knowledge, the first approach to the automatic cost analysis of object-oriented bytecode programs. In languages such as Java and C#, analyzing bytecode has a much wider application area than analyzing source code since the latter is often not available. Cost analysis in this context has to consider, among others, dynamic dispatch, jumps, the operand stack, and the heap. Our method takes a bytecode program and a cost model specifying the resource of interest, and generates cost relations which approximate the execution cost of the program with respect to such resource. We report on COSTA, an implementation for Java bytecode which can obtain upper bounds on cost for a large class of programs and complexity classes. Our basic techniques can be directly applied to infer cost relations for other object-oriented imperative languages, not necessarily in bytecode form.

20.
易定 《微机发展》2006,16(9):112-114
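Data analysis is the process of discovering implicit information or knowledge in massive data. Based on a data analysis system that assists public security organs in solving cases, the paper studies in depth the requirements and implementation of data analysis tasks. It proposes first planning the analysis approach and refining the analysis functions, and then using two means, multi-perspective data pivoting and intelligent analysis, to complement each other from different angles such as micro and macro, quantitative and qualitative, so that the system has complete analysis functions. The study offers general guidance on how to develop data analysis systems of practical value.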
