
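Forensic Analysis Method Based on Artificial Immune Behavior Profiles
Cite this article: YANG Jun, CAO Yang, MA Qinsheng, WANG Min. Forensic analysis method based on artificial immune behavior profiles[J]. Journal of University of Electronic Science and Technology of China (Natural Science Edition), 2010, 39(6): 911. DOI: 10.3969/j.issn.1001-0548.2010.06.022
Authors: YANG Jun, CAO Yang, MA Qinsheng, WANG Min
Affiliations: School of Electronic Information, Wuhan University, Wuhan 430079; School of Electronic Information, Wuhan University, Wuhan 430079; State Key Laboratory of Software Engineering, Wuhan University, Wuhan 430072; Second Department, Commanding Communications Academy, Wuhan 430010
Funding: Specialized Research Fund for the Doctoral Program of Higher Education (20040486049); National High Technology Research and Development Program of China (2002AA1Z1490)
Abstract: To address the low efficiency of current data-mining-based forensic analysis methods, a forensic analysis method is proposed that uses an immune clonal algorithm to construct behavior profiles based on frequent long patterns. The method takes behavior data and the candidate patterns of frequent itemsets as antigens and antibodies respectively, the support of the antigens for an antibody as the affinity function, key attributes as the constraint condition, and the minimum support as the screening condition, and builds a behavior profile based on frequent long patterns by applying immune clonal operations to the antibodies. Anomalous data are detected by an analysis method in which the audit data traverse the behavior profile and are matched and compared against it. Experimental results show that, compared with the forensic analysis method based on the Apriori-CGA algorithm, both the behavior profile construction time and the anomalous data detection time of this method are greatly reduced. The method helps improve the efficiency of forensic analysis and establish the scope on which investigation and evidence collection should focus.

Keywords: artificial immunity; behavior profile; computer forensics; computer security; data mining; electronic crime countermeasures; information analysis; pattern matching
Received: 2009-06-03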

Forensic Analysis Method of Behavior Profiling on Artificial Immunity
Affiliation: 1. School of Electronic Information, Wuhan University, Wuhan 430079; 2. State Key Laboratory of Software Engineering, Wuhan University, Wuhan 430072; 3. Second Department, Commanding Communications Academy, Wuhan 430010
Abstract: To improve the efficiency of data-mining-based forensic analysis, this paper proposes a new forensic analysis method in which a behavior profile based on the longest frequent pattern is constructed by an immune clonal algorithm. The behavior data and the candidate patterns of the frequent item sets are taken as the antigen and the antibody respectively, the support of the antigen for the antibody as the affinity function, the key attribute as the constraint condition, and the minimal support as the screening condition; the behavior profile based on the longest frequent pattern is then built by applying the immune clonal operation to the antibody. Abnormal data are detected by a matching method in which the audit data pass through the list items of the behavior profile. The proposed method and the method based on Apriori-CGA are applied to the same problem. The comparison results indicate that the setup time of the behavior profile and the detection time of abnormal data are dramatically reduced. Therefore, the proposed method improves the efficiency of forensic analysis and of electronic crime investigation.
Keywords:
This article is indexed in Wanfang Data and other databases.