
Research on the Application of Distance-Based Outlier Mining in Computer Forensics

Published: 2018-05-24 15:43

Keywords: outlier + computer forensics; Source: master's thesis, Shandong Normal University (山东师范大学), 2014


[Abstract]: With the development of information technology we have entered the era of big data: every day produces data of many kinds and forms, and with it come all sorts of network security problems. Current research on these problems concentrates on security defence, but the techniques of computer network crime keep advancing, so defensive methods alone cannot combat computer crime effectively; the power of society and the law must also be brought to bear, and computer forensics technology arose to meet this need. Data mining can extract latent, research-worthy knowledge from massive data, but finding the very few anomalous behaviours in such data and turning them into meaningful knowledge is challenging. Real-world data sets often contain data objects that do not conform to the general behaviour or general model of the data set, that is, outliers. Although normal behaviour is far more common than abnormal behaviour, the abnormal behaviour may carry very interesting knowledge, so studying these outliers has both a theoretical basis and practical significance. This thesis studies the K-nearest-neighbour (KNN) outlier detection algorithm in detail and improves it, raising its efficiency and accuracy. Because network operation logs are large and computationally expensive to process, the thesis adopts a distributed algorithm design based on the MapReduce framework to detect outliers quickly on a Hadoop cluster. Domestic and international research on anomaly detection methods and their applications is analysed in detail, an anomaly detection model based on outlier mining is designed, and finally the outlier detection method is applied to computer forensics. The main work of the thesis is as follows:

(1) The current state of outlier mining research at home and abroad is surveyed systematically, application examples of outlier mining algorithms are analysed, the concepts and workflow of outlier mining are studied, and the performance and implementation mechanisms of outlier mining algorithms are summarized. The knowledge and skills of computer forensics are studied in depth, its key technologies are summarized, and a computer forensics workflow is given.

(2) The distance-based reverse K-nearest-neighbour outlier detection algorithm is studied in depth, its shortcomings are identified, and the algorithm is improved: after pruning removes redundant data, a mechanism for determining parameters adaptively is added, which avoids the data deviation caused by excessive manual involvement and improves the algorithm's accuracy and efficiency. A MapReduce-based outlier detection algorithm is designed on a Hadoop cluster architecture to detect outliers quickly in a distributed environment.

(3) A log analysis model based on the outlier mining algorithm is constructed; after the log data is preprocessed, the improved outlier detection algorithm is applied within the model. A worked case shows that the model can effectively analyse the outliers mined by the algorithm and obtain preliminary evidence, making the forensic service more efficient and intelligent.
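To make the two scores the abstract builds on concrete, the following added example (written for this listing, not the thesis author's code) computes the distance-based kNN score (distance to the k-th nearest neighbour) and the reverse-kNN count over a constructed set of sessions from a hypothetical network operation log, each reduced to (login hour, MB transferred, failed logins). The cut-off is chosen adaptively as a multiple of the median score; that median rule is an assumption made here to keep the example self-contained, not the thesis's own parameter mechanism, and the sample rows, column choice and scaling are likewise constructed for illustration.

```python
"""Distance-based outlier scoring over log-derived feature vectors.

Added illustration, not the thesis author's code. It implements the plain
kNN distance score and the reverse-kNN (RkNN) count, and picks the cut-off
adaptively from the median score (an assumption made here).
"""
import math
from statistics import median
from typing import List, Sequence, Tuple

Vector = Tuple[float, ...]

# Constructed sample: one row per session from a hypothetical network
# operation log, as (login hour, MB transferred, failed logins).
# Rows 0-9 are ordinary office-hours sessions; rows 10 and 11 are planted.
SAMPLE_SESSIONS: List[Vector] = [
    (8.25, 12.0, 0.0), (9.0, 15.0, 0.0), (9.5, 11.0, 1.0), (10.5, 14.0, 0.0),
    (11.0, 13.0, 0.0), (13.25, 16.0, 0.0), (14.0, 12.5, 1.0), (15.25, 14.5, 0.0),
    (16.0, 13.5, 0.0), (17.5, 15.5, 0.0),
    (3.0, 950.0, 0.0),    # 03:00 session moving ~1 GB: bulk-transfer pattern
    (2.0, 0.5, 120.0),    # 02:00 session with 120 failed logins
]


def min_max_scale(points: Sequence[Vector]) -> List[Vector]:
    """Scale every dimension to [0, 1] so megabytes cannot swamp hours."""
    dims = len(points[0])
    lo = [min(p[d] for p in points) for d in range(dims)]
    hi = [max(p[d] for p in points) for d in range(dims)]
    span = [h - l if h > l else 1.0 for l, h in zip(lo, hi)]
    return [tuple((p[d] - lo[d]) / span[d] for d in range(dims)) for p in points]


def euclidean(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_table(points: Sequence[Vector], k: int) -> List[List[Tuple[float, int]]]:
    """For each point, its k nearest *other* points as (distance, index)."""
    table = []
    for i, p in enumerate(points):
        dists = sorted((euclidean(p, q), j) for j, q in enumerate(points) if j != i)
        table.append(dists[:k])
    return table


def knn_distance_scores(points: Sequence[Vector], k: int) -> List[float]:
    """Distance to the k-th nearest neighbour: the classic distance-based score."""
    return [neighbours[-1][0] for neighbours in knn_table(points, k)]


def reverse_knn_counts(points: Sequence[Vector], k: int) -> List[int]:
    """How many points list point i among their own k nearest neighbours.

    A low count means almost no other point treats it as a neighbour, which
    is the reverse-kNN view of an outlier."""
    counts = [0] * len(points)
    for neighbours in knn_table(points, k):
        for _, j in neighbours:
            counts[j] += 1
    return counts


def detect_outliers(points: Sequence[Vector], k: int = 3, factor: float = 3.0) -> List[int]:
    """Indices whose kNN score exceeds factor * median(score).

    The median is an outlier-resistant baseline, so the cut-off adapts to the
    data set instead of being hand-tuned (assumption of this example)."""
    scaled = min_max_scale(points)
    scores = knn_distance_scores(scaled, k)
    cutoff = factor * median(scores)
    return [i for i, s in enumerate(scores) if s > cutoff]


if __name__ == "__main__":
    scaled = min_max_scale(SAMPLE_SESSIONS)
    counts = reverse_knn_counts(scaled, 3)
    for i in detect_outliers(SAMPLE_SESSIONS):
        print(f"session {i}: features={SAMPLE_SESSIONS[i]} rknn_count={counts[i]}")
```

On the constructed rows the two planted sessions are the only ones whose k-th-neighbour distance clears the adaptive cut-off, and they are also the only rows with a reverse-kNN count of zero; every ordinary session is listed as a neighbour by at least one other session. In a forensic workflow the flagged indices would be traced back to the raw log lines for review rather than treated as evidence on their own.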
Degree-granting institution: Shandong Normal University (山东师范大学)
Degree level: Master
Year awarded: 2014
Classification number: TP311.13;TP393.08



Article number: 1929595


Link to this page: https://www.wllwen.com/guanlilunwen/ydhl/1929595.html

