Design and Implementation of a Forensics System Based on User Behavior Analysis
Published: 2018-07-20 16:30
[Abstract]: As the number of Internet users who pay online grows rapidly, the security of online payment has become an important part of information security. To keep online payment under effective supervision, an individual's abnormal operations can be subjected to forensic analysis. Precisely combating computer crime therefore urgently requires computer forensics techniques aimed at individual abnormal behavior. Current computer forensics techniques are limited to collecting evidence from network and host traces and lack effective methods for individual abnormal behavior. The difficulty in forensics of individual abnormal behavior lies in how to mine useful evidence by analyzing the user's operation data. Forensic techniques targeting user behavior are thus one of the hard problems in both computer forensic science and its application. This thesis studies forensics of abnormal user behavior, an area that has so far received relatively little attention internationally or domestically. The main work is to use user behavior analysis techniques to design and implement a forensics system with good performance. The system judges whether a user's behavior is abnormal by capturing and analyzing changes in the operation data closely tied to that behavior. The thesis completes the following work: (1) Building on a survey of the current state of user behavior analysis techniques, it introduces Windows API hooking for data collection, data fingerprinting for data verification, and user behavior analysis for data analysis. It then identifies the problems the system must solve and fixes the system's development environment. (2) On the basis of requirements analysis, it completes the design of the forensics system based on user behavior analysis. A high-level design first divides the system into two parts, a client and a Web server. The client is mainly responsible for data collection, data upload and report download. The Web server is mainly responsible for data reception, data analysis and report generation. A detailed design then determines the system's technical architecture and the function of each module. (3) On the basis of the system design, the forensics system is implemented in code using user behavior analysis techniques. Finally, the system is deployed on the Hadoop platform and subjected to functional and performance testing. With common user operations collected and the data analysis module chosen as the test case, the system is found to detect the abnormal user's operations completely, with a high accuracy rate.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP309;D918
Article ID: 2134104
Article link: https://www.wllwen.com/falvlunwen/fanzuizhian/2134104.html