基于用户行为分析的取证系统设计与实现

发布时间：2018-07-20 16:30

【摘要】：随着使用网络支付的网民规模迅速增长,网上支付安全逐渐成为信息安全的重要方面。为了保证网上支付得到有效监管,可以通过对个人异常操作进行取证分析。因此,为了精准打击计算机犯罪,迫切需要一些针对个人异常行为的计算机取证技术。目前计算机取证技术仅限于对网络和主机痕迹取证,对于个人异常行为缺乏有效的取证方法。个人异常行为取证的难点在于如何通过分析用户的操作数据,挖掘出有用的证据。因此,针对用户行为的取证技术是当前计算机取证科学和计算机取证应用中的难题之一。本文针对目前国际、国内相对比较少的领域——用户异常行为取证展开研究。主要工作是利用用户行为分析技术设计和实现一个性能良好的取证系统。该系统能够通过捕捉并分析与用户行为紧密相关的操作数据变化来判断该用户行为是否异常。因此,本文完成了以下工作:(1)在了解目前用户行为分析技术发展现状的基础之上,本文介绍了用于数据采集的Windows下API钩挂技术、用于数据校验的数据指纹技术、用于数据分析的用户行为分析技术。最终,明确了系统需要解决的问题,确定了系统开发环境。(2)在需求分析的基础上,完成了对基于用户行为分析的取证系统的设计。首先对系统进行了概要设计,确定了系统分为客户端和Web服务器端两个部分。客户端主要负责数据采集、数据上传和报告下载。Web服务器端部分主要负责数据接收、数据分析和生成报告。最后从系统设计的角度对系统进行了详细设计,确定了系统的技术架构和各个模块的功能。(3)在系统设计的基础上,采用用户行为分析技术,通过编程实现了基于用户行为分析的取证系统。最后,把系统部署在Hadoop平台下,对系统进行功能性检测和性能测试。通过采集常见的用户操作,选择数据分析模块作为测试用例,发现系统能够完整地检测出异常用户的操作,且具有较高的准确率。
[Abstract]:With the rapid growth of Internet payment, online payment security has gradually become an important aspect of information security. In order to ensure the effective supervision of online payment, we can conduct forensic analysis of individual abnormal operations. Therefore, in order to crack down on computer crime, computer forensics is urgently needed for individual abnormal behavior. At present, computer forensics technology is limited to the evidence of network and mainframe traces, and lacks effective methods to obtain evidence for individual abnormal behavior. The difficulty of obtaining evidence of individual abnormal behavior lies in how to mine useful evidence by analyzing the user's operation data. Therefore, forensics is one of the most difficult problems in computer forensics and computer forensics. This paper focuses on the research of user abnormal behavior forensics, which is relatively few at home and abroad. The main work is to design and implement a good performance forensics system using user behavior analysis technology. The system can detect whether the user behavior is abnormal or not by capturing and analyzing the change of the operation data which is closely related to the user's behavior. Therefore, the following work has been accomplished in this paper: (1) on the basis of understanding the current development of user behavior analysis technology, this paper introduces the API hook technology for data acquisition and the data fingerprint technology for data verification. User behavior analysis technology for data analysis. Finally, the problems that the system needs to solve are defined and the system development environment is determined. (2) based on the requirement analysis, the design of the forensics system based on the user behavior analysis is completed. The system is divided into two parts: client and Web server. The client is mainly responsible for data collection, data upload and report download. Web server is mainly responsible for data receiving, data analysis and report generation. Finally, the system is designed in detail from the point of view of system design, and the technical framework of the system and the functions of each module are determined. (3) based on the design of the system, the user behavior analysis technology is adopted. The system based on user behavior analysis is realized by programming. Finally, the system is deployed on Hadoop platform to test the function and performance of the system. By collecting common user operations and selecting the data analysis module as test cases, it is found that the system can detect the abnormal user's operation completely and has a high accuracy.
【学位授予单位】：山东师范大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP309;D918

【参考文献】