首页 | 本学科首页   官方微博 | 高级检索  
     

面向网络取证的网络攻击追踪溯源技术分析
引用本文:刘雪花,丁丽萍,郑涛,吴敬征,李彦峰. 面向网络取证的网络攻击追踪溯源技术分析[J]. 软件学报, 2021, 32(1): 194-217
作者姓名:刘雪花  丁丽萍  郑涛  吴敬征  李彦峰
作者单位:(中国科学院软件研究所并行软件与计算科学实验室,北京100190);(中国科学院大学计算机科学与技术学院,北京100049);(中国科学院软件研究所并行软件与计算科学实验室,北京100190);(广州中国科学院软件应用技术研究所电子数据取证实验室,广东广州511458);(广东中科实数科技有限公司,广东广州511458);(联通华盛通信有限公司,北京100005);(中国科学院软件研究所智能软件研究中心,北京100190)
基金项目:广州市科技计划项目(201802020015);羊城创新创业领军人才支持计划资助(领军人才2016008)
摘    要:首先定位网络攻击事件的源头,然后进行有效的电子数据证据的收集,是网络取证的任务之一.定位网络攻击事件源头需要使用网络攻击追踪溯源技术.然而,现有的网络攻击追踪溯源技术研究工作主要从防御的角度来展开,以通过定位攻击源及时阻断攻击为主要目标,较少会考虑到网络取证的要求,从而导致会在网络攻击追踪溯源过程中产生的大量有价值的数...

关 键 词:网络攻击追踪溯源  网络取证  电子数据证据可采性  电子数据证据证明力  取证过程模型  IP追踪
收稿时间:2020-01-14
修稿时间:2020-06-04

Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics
LIU Xue-Hu,DING Li-Ping,ZHENG Tao,WU Jing-Zheng,LI Yan-Feng. Analysis of Cyber Attack Traceback Techniques from the Perspective of Network Forensics[J]. Journal of Software, 2021, 32(1): 194-217
Authors:LIU Xue-Hu  DING Li-Ping  ZHENG Tao  WU Jing-Zheng  LI Yan-Feng
Affiliation:Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China;Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;Digital Forensics Lab, Institute of Software Application Technology, Guangzhou&Chinese Academy of Sciences, Guangzhou 511458, China;Guangdong Chinese Academy of Sciences&Realdata Science and Technology Company Limited, Guangzhou 511458, China;China United Vsens Communications Corporation Limited, Beijing 100005, China;Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Abstract:Locating the source of cyber attack and then collecting electronic evidence is one of the tasks of network forensics. Therefore, cyber attack traceback techniques are used to locate the source of cyber attack. However, current research on cyber attack traceback is mainly conducted from a defensive prospective, targeting at blocking cyber attack as soon as possible via locating the cyber attack source, and rarely considers cyber evidence acquirement. As a result, the large amount of valuable electronic evidence generated during the process of cyber attack traceback cannot be used in prosecutions, and their value in network forensics cannot be fully exploited. Therefore, a set of forensic capability metrics is proposed to assess the forensic capabilities of cyber attack traceback techniques. The latest cyber attack traceback technologies, including cyber attack traceback based on Software defined network, are summarized and analyzed. We analyzed their forensic capabilities and provided some suggestions for improvement. A specific forensics process model for cyber attack traceback is proposed, providing reference for research on cyber attack traceback technology targeting at network forensics.
Keywords:cyber attack source traceback  network forensics  the admissibility of digital evidence  the probative force of digital evidence  forensic process model  IP traceback
本文献已被 万方数据 等数据库收录!
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号