|
|||||
|
|
| 基于场景重构与报警聚合的网络取证分析技术 | |
| 引用本文: | 董晓梅 赵茜 李晓华 费雅洁. 基于场景重构与报警聚合的网络取证分析技术[J]. 控制与决策, 2014, 29(1): 39-44. DOI: 10.13195/j.kzyjc.2012.1764 |
| 作者姓名: | 董晓梅 赵茜 李晓华 费雅洁 |
| 作者单位: | 1. 东北大学 信息科学与工程学院 2. 沈阳工程学院 信息工程系 |
| 基金项目: | 教育部中央高校基本科研业务费基金项目(N100404005). |
| 摘 要: | 提出一种包含报警标准化、去冗余、场景重构和报警聚合的网络取证分析方法. 通过去除失败攻击的报警, 减少了对证据分析的干扰. 在场景重构中, 通过反向关联, 减少了不必要的证据, 同时通过对孤立报警的补充, 保证了证据链的完整性. 在报警聚合中, 提出了聚合同一攻击步骤的不同报警的方法, 以抽象层和具体层两个层次重构入侵场景. 最后通过实验验证了所提出方法的有效性. |
| 关 键 词: | 网络取证 去冗余 场景重构 报警聚合 |
| 收稿时间: | 2012-11-26 |
| 修稿时间: | 2013-01-24 |
Network forensics based on scenario reconstruction and alert aggregation |
|
| DONG Xiao-mei ZHAO Qian LI Xiao-hua FEI Ya-jie. Network forensics based on scenario reconstruction and alert aggregation[J]. Control and Decision, 2014, 29(1): 39-44. DOI: 10.13195/j.kzyjc.2012.1764 | |
| Authors: | DONG Xiao-mei ZHAO Qian LI Xiao-hua FEI Ya-jie |
| Affiliation: | 1. College of Information Science and Engineering,Northeastern University 2. Department of Information Engineering,Shenyang Institute of Engineering |
| Abstract: | A network forensics research method is proposed, which includes alert standardization, alert redundancy reduction, scenario reconstruction and alert aggregation. The interference of failed attacks to the forensics process is reduced by removing the failed alert. In the process of scenario reconstruction, with the method of inversely association, the unnecessary evidence can be removed. Moreover, isolated alerts are supplemented to ensure the integrity of evidence chain. In the process of alert aggregation, the method of merging different detailed alerts of the same step is proposed. The intrusion scenarios at the abstract layer and the specific layer are reconstructed respectively. Finally, experiments verify the effectiveness of the proposed method. |
| Keywords: | network forensics redundancy reduction scenario reconstruction alert aggregation |
| 本文献已被 CNKI 等数据库收录! | |
| 点击此处可从《控制与决策》浏览原始摘要信息 | |
| 点击此处可从《控制与决策》下载全文 | |