Computer Engineering (计算机工程), 2014, Issue 1: 315-321, 7. DOI: 10.3969/j.issn.1000-3428.2014.01.068
Research on Intrusion Event Reconstruction Technology in Computer Intrusion Forensics (计算机入侵取证中的入侵事件重构技术研究)
Abstract
Evidence in computer intrusion forensics is easily modified, easily lost, drawn from numerous sources and heterogeneous in content. Starting from these characteristics, this paper surveys the current state of intrusion event reconstruction, analyzes the sources of evidence for reconstruction at two levels, system-layer objects and events and operating-system-layer objects and events, and introduces the main intrusion event reconstruction tools. It reviews the existing reconstruction methods, including timestamp-based log analysis, semantic integrity checking, tracking techniques based on operating-system-layer objects, and event reconstruction models based on finite state machines, evaluates them on several metrics (reconstruction efficiency, false positive rate, credibility of evidence, authenticity of evidence, and reconstruction environment), and summarizes the advantages and disadvantages of each method. Important directions for future research on intrusion event reconstruction in computer intrusion forensics are discussed.
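The two reconstruction methods the abstract names first, timestamp-based log analysis and a finite-state-machine event model, combined in one added example. This is illustrative code written for this page, not code from the paper or from any tool it surveys. Two constructed log sources (a syslog-format auth log assumed to be written in local time UTC+8, with the year supplied by the analyst because syslog omits it, and a Common Log Format web access log) are normalized to UTC, checked for timestamps that run backwards within a single source (an authenticity problem that must be explained before that source is trusted), merged into one timeline, and fed to a per-source-IP state machine that reconstructs a brute-force-then-privilege-use event together with the evidence lines that support it. Log contents, hosts, IP addresses, the failure threshold and the event classification rules are all assumptions.

```python
"""Timestamp-based log merging plus FSM intrusion event reconstruction.
Added example; log data, hosts, addresses and rules are constructed."""
import re
from datetime import datetime, timezone, timedelta

# Constructed auth log (syslog format: no year, no zone; assumed UTC+8, 2014).
AUTH_LOG = """\
Mar 12 09:00:01 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 5001 ssh2
Mar 12 09:00:04 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 5002 ssh2
Mar 12 09:00:08 web01 sshd[2011]: Failed password for root from 203.0.113.7 port 5003 ssh2
Mar 12 09:00:15 web01 sshd[2020]: Accepted password for root from 203.0.113.7 port 5004 ssh2
Mar 12 09:02:40 web01 sudo:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar 12 09:01:00 web01 sshd[2031]: Failed password for admin from 198.51.100.9 port 6001 ssh2
"""
AUTH_TZ, AUTH_YEAR = timezone(timedelta(hours=8)), 2014

# Constructed web access log (Common Log Format, explicit +0000 offset).
ACCESS_LOG = """\
203.0.113.7 - - [12/Mar/2014:01:00:12 +0000] "GET /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2014:01:02:20 +0000] "POST /admin/upload HTTP/1.1" 200 98
"""

SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
IP_RE = re.compile(r"from (\d+\.\d+\.\d+\.\d+)")


def parse_auth(text, year, tz):
    """Auth log -> events with UTC timestamps; year and zone come from the analyst."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, _host, prog, msg = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
        if "Failed password" in msg:
            kind = "auth_fail"
        elif "Accepted password" in msg:
            kind = "auth_ok"
        elif prog == "sudo" and "COMMAND=" in msg:
            kind = "post_auth_action"  # local action: carries no remote IP
        else:
            kind = "other"
        ip = IP_RE.search(msg)
        events.append({"ts": when.astimezone(timezone.utc), "source": "auth", "line": n,
                       "kind": kind, "src": ip.group(1) if ip else None, "raw": line})
    return events


def parse_access(text):
    """Access log -> events; 401 is a failed auth, a 200 POST under /admin/ a post-auth action."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        m = CLF_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if status == "401":
            kind = "auth_fail"
        elif method == "POST" and path.startswith("/admin/") and status == "200":
            kind = "post_auth_action"
        else:
            kind = "other"
        events.append({"ts": when.astimezone(timezone.utc), "source": "access", "line": n,
                       "kind": kind, "src": ip, "raw": line})
    return events


def timestamp_regressions(events):
    """Line numbers where one source's own timestamps run backwards (clock change,
    injected lines or reordered writes): resolve these before trusting the source."""
    return [e["line"] for prev, e in zip(events, events[1:]) if e["ts"] < prev["ts"]]


def build_timeline(*sources):
    """Merge all sources into a single UTC-ordered timeline (stable sort keeps ties in file order)."""
    return sorted((e for src in sources for e in src), key=lambda e: e["ts"])


def reconstruct(timeline, fail_threshold=3):
    """Per-IP FSM: START -(>= threshold auth_fail)-> FAILING -(auth_ok)-> LOGGED_IN
    -(post_auth_action)-> COMPROMISED. Actions without a remote IP (sudo) are
    attributed to every IP that currently holds an authenticated session."""
    state, fails, evidence = {}, {}, {}
    for e in timeline:
        targets = [e["src"]] if e["src"] else [ip for ip, s in state.items()
                                               if s in ("LOGGED_IN", "COMPROMISED")]
        for ip in targets:
            s = state.get(ip, "START")
            if e["kind"] == "auth_fail" and s in ("START", "FAILING"):
                fails[ip] = fails.get(ip, 0) + 1
                evidence.setdefault(ip, []).append(e)
                if fails[ip] >= fail_threshold:
                    state[ip] = "FAILING"
            elif e["kind"] == "auth_ok" and s == "FAILING":
                state[ip] = "LOGGED_IN"
                evidence[ip].append(e)
            elif e["kind"] == "post_auth_action" and s in ("LOGGED_IN", "COMPROMISED"):
                state[ip] = "COMPROMISED"
                evidence[ip].append(e)
    return [{"src": ip, "failures": fails[ip], "first_seen": evidence[ip][0]["ts"],
             "last_seen": evidence[ip][-1]["ts"],
             "evidence": [(ev["source"], ev["line"]) for ev in evidence[ip]]}
            for ip, s in state.items() if s == "COMPROMISED"]


if __name__ == "__main__":
    auth, web = parse_auth(AUTH_LOG, AUTH_YEAR, AUTH_TZ), parse_access(ACCESS_LOG)
    print("auth-log timestamp regressions at lines:", timestamp_regressions(auth))
    for inc in reconstruct(build_timeline(auth, web)):
        print(inc["src"], inc["first_seen"], "->", inc["last_seen"], inc["evidence"])
```

The regression check is deliberately separate from the reconstruction: the sixth auth line carries a timestamp earlier than the fifth, and a reconstructed event built on that source is only as credible as the explanation for that anomaly (a clock step, an injected line, or buffered writes). The FSM keeps the line numbers of every event it consumed, so the reconstructed incident can be traced back to its evidence in each source.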
Keywords
computer forensics / intrusion forensics / intrusion event reconstruction / source of evidence / intrusion reconstruction method (计算机取证 / 入侵取证 / 入侵事件重构 / 证据来源 / 入侵重构方法)
Classification
Information Technology and Security Science
Cite this article
季雨辰, 伏陰, 石进, 骆斌, 赵志宏. Research on Intrusion Event Reconstruction Technology in Computer Intrusion Forensics [J]. Computer Engineering, 2014, (1): 315-321, 7.
Funding
Supported by the National Natural Science Foundation of China (61100197, 61100198).