基于场景重构与报警聚合的网络取证分析技术

发布时间：2018-07-05 09:34

本文选题：网络取证 + 去冗余　；参考：《控制与决策》2014年01期

【摘要】：提出一种包含报警标准化、去冗余、场景重构和报警聚合的网络取证分析方法.通过去除失败攻击的报警,减少了对证据分析的干扰.在场景重构中,通过反向关联,减少了不必要的证据,同时通过对孤立报警的补充,保证了证据链的完整性.在报警聚合中,提出了聚合同一攻击步骤的不同报警的方法,以抽象层和具体层两个层次重构入侵场景.最后通过实验验证了所提出方法的有效性.
[Abstract]:A network forensics analysis method including alarm standardization, redundancy removal, scene reconstruction and alarm aggregation is proposed. By removing the alarm of the failure attack, the interference to the evidence analysis is reduced. In scene reconstruction, the unnecessary evidence is reduced by reverse correlation, and the integrity of the evidence chain is ensured by supplementing the isolated alarm. In the process of alarm aggregation, a method of aggregating different alarms of the same attack step is proposed to reconstruct the intrusion scene at two levels: abstract layer and concrete layer. Finally, the effectiveness of the proposed method is verified by experiments.
【作者单位】：东北大学信息科学与工程学院;沈阳工程学院信息工程系;
【基金】：教育部中央高校基本科研业务费基金项目(N100404005)
【分类号】：TP393.08

【参考文献】