
Research on Intrusion Event Reconstruction Technology in Computer Intrusion Forensics (计算机入侵取证中的入侵事件重构技术研究)

季雨辰 (1), 伏陰 (2), 石进 (3), 骆斌 (2), 赵志宏 (2)

Computer Engineering (计算机工程), 2014, Issue 1: 315-321. DOI: 10.3969/j.issn.1000-3428.2014.01.068

English title: Research on Intrusion Event Reconstruction Technology of Computer Intrusion Forensics


Author information

  • 1. School of Computer Science and Engineering, Anhui University of Science and Technology (安徽理工大学), Huainan, Anhui 232001
  • 2. Software Institute, Nanjing University (南京大学软件学院), Nanjing 210093
  • 3. School of State Secrecy, Nanjing University (南京大学国家保密学院), Nanjing 210093

Abstract

Starting from the characteristics of computer intrusion forensic evidence (it is easy to modify, easy to lose, comes from numerous sources and has heterogeneous content), this paper surveys the current state of intrusion event reconstruction, analyses the sources of reconstruction evidence in terms of system-layer objects/events and operating-system-layer objects/events, and introduces the main intrusion event reconstruction tools. It reviews the existing reconstruction methods, including timestamp-based log analysis, semantic integrity checking, tracking based on operating-system-layer objects, and event reconstruction models based on finite state machines, evaluates them against several metrics (reconstruction efficiency, false positive rate, credibility of evidence, authenticity of evidence, and reconstruction environment), and summarises the advantages and disadvantages of each method. Finally, important future research directions for intrusion event reconstruction in computer intrusion forensics are discussed.
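Two of the method families named in the abstract, timestamp-based log analysis and finite-state-machine event reconstruction, are illustrated below in a worked example added by the editor; it is not code from the paper or its authors. It takes three heterogeneous evidence sources (an sshd syslog, Linux audit records and a firewall log, all constructed here for illustration), fingerprints the raw evidence before touching it (the paper's point that evidence is easy to modify), normalises the differing timestamp formats and time zones into a single UTC timeline, and then runs a small finite state machine over that timeline to recognise one intrusion sequence. The host time zone (UTC+8), the syslog year (2014) and the internal address range (10.0.0.0/8) are assumptions needed to make the constructed data parse.

```python
"""Timeline reconstruction from heterogeneous logs plus an FSM over the result.
Added example, not from the paper. All log lines below are constructed."""
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed evidence. sshd syslog lines omit year and zone: assume web01 logs in UTC+8, year 2014.
AUTH_LOG = """\
Mar 12 09:14:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 09:14:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 09:14:09 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 09:14:15 web01 sshd[2214]: Accepted password for root from 203.0.113.7 port 50130 ssh2
"""
# auditd records carry an epoch timestamp (UTC) with millisecond precision.
AUDIT_LOG = """\
type=SYSCALL msg=audit(1394586862.421:8812): arch=c000003e syscall=59 success=yes exit=0 comm="useradd" exe="/usr/sbin/useradd" uid=0
type=PATH msg=audit(1394586865.118:8813): name="/etc/passwd" nametype=NORMAL
"""
# Firewall log already in ISO 8601 UTC; 10.0.0.0/8 is assumed to be the internal range.
FIREWALL_LOG = """\
2014-03-12T01:13:58Z ACCEPT TCP 203.0.113.7:50122 -> 10.0.0.5:22
2014-03-12T01:14:40Z ACCEPT TCP 10.0.0.5:40101 -> 198.51.100.9:4444
"""

HOST_TZ = timezone(timedelta(hours=8))  # assumption
SYSLOG_YEAR = 2014                       # assumption
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


@dataclass(order=True)
class Event:
    ts: datetime   # always tz-aware UTC so events from different sources sort correctly
    source: str
    kind: str      # normalised event type used by the FSM
    detail: str


def fingerprint(raw: str) -> str:
    """SHA-256 of the raw evidence, recorded before parsing so later tampering is detectable."""
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def parse_auth(text: str) -> list[Event]:
    pat = re.compile(r"^(\w{3}) +(\d+) (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
    out = []
    for line in text.splitlines():
        m = pat.match(line)
        if not m:
            continue
        mon, day, hh, mm, ss, result, user, ip = m.groups()
        local = datetime(SYSLOG_YEAR, MONTHS[mon], int(day), int(hh), int(mm), int(ss), tzinfo=HOST_TZ)
        kind = "auth_fail" if result == "Failed" else "auth_ok"
        out.append(Event(local.astimezone(timezone.utc), "auth.log", kind, f"{user}@{ip}"))
    return out


def parse_audit(text: str) -> list[Event]:
    pat = re.compile(r"msg=audit\((\d+)\.(\d{3}):\d+\)")
    out = []
    for line in text.splitlines():
        m = pat.search(line)
        if not m:
            continue
        ts = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc).replace(microsecond=int(m.group(2)) * 1000)
        if 'comm="useradd"' in line:
            out.append(Event(ts, "audit.log", "account_add", "useradd"))
        elif 'name="/etc/passwd"' in line:
            out.append(Event(ts, "audit.log", "passwd_access", "/etc/passwd"))
    return out


def parse_firewall(text: str) -> list[Event]:
    pat = re.compile(r"^(\S+) ACCEPT TCP (\S+):(\d+) -> (\S+):(\d+)$")
    out = []
    for line in text.splitlines():
        m = pat.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        src, sport, dst, dport = m.group(2), m.group(3), m.group(4), m.group(5)
        kind = "conn_in" if dst.startswith("10.") else "conn_out"  # assumption: 10/8 is internal
        out.append(Event(ts, "firewall.log", kind, f"{src}:{sport}->{dst}:{dport}"))
    return out


def build_timeline() -> list[Event]:
    """Merge all sources into one UTC-ordered timeline (timestamp-based reconstruction)."""
    return sorted(parse_auth(AUTH_LOG) + parse_audit(AUDIT_LOG) + parse_firewall(FIREWALL_LOG))


def run_fsm(events: list[Event], window: timedelta = timedelta(seconds=60), threshold: int = 3):
    """States: START -> BRUTE_FORCE (>= threshold failures from one IP within window)
    -> ACCESS (successful login from that IP) -> PERSISTENCE (account manipulation)
    -> OUTBOUND (connection from the host to an external address).
    Returns the final state and the events that drove each transition."""
    state, attacker, fails, matched = "START", None, [], []
    for ev in events:
        if state == "START" and ev.kind == "auth_fail":
            ip = ev.detail.split("@", 1)[1]
            if ip != attacker:
                attacker, fails = ip, []
            fails = [t for t in fails if ev.ts - t <= window] + [ev.ts]
            if len(fails) >= threshold:
                state = "BRUTE_FORCE"; matched.append(ev)
        elif state == "BRUTE_FORCE" and ev.kind == "auth_ok" and ev.detail.endswith("@" + attacker):
            state = "ACCESS"; matched.append(ev)
        elif state == "ACCESS" and ev.kind in ("account_add", "passwd_access"):
            state = "PERSISTENCE"; matched.append(ev)
        elif state == "PERSISTENCE" and ev.kind == "conn_out":
            state = "OUTBOUND"; matched.append(ev)
    return state, matched


if __name__ == "__main__":
    for name, raw in (("auth.log", AUTH_LOG), ("audit.log", AUDIT_LOG), ("firewall.log", FIREWALL_LOG)):
        print(f"{name} sha256={fingerprint(raw)}")
    timeline = build_timeline()
    for ev in timeline:
        print(ev.ts.isoformat(), ev.source, ev.kind, ev.detail)
    print(run_fsm(timeline))
```

The normalisation step is where most reconstruction errors originate: the syslog source has no year and no zone, auditd uses UTC epoch seconds, and the firewall uses ISO 8601, so the merge is only as trustworthy as the clock assumptions written at the top. Running the FSM over a single source (for example only `parse_auth(AUTH_LOG)`) stops in the ACCESS state, which shows why the survey treats the number and heterogeneity of evidence sources as a first-order problem.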


Key words

computer forensics; intrusion forensics; intrusion event reconstruction; sources of evidence; intrusion reconstruction methods

Classification

Information Technology and Security Science

Cite this article

季雨辰, 伏陰, 石进, 骆斌, 赵志宏. 计算机入侵取证中的入侵事件重构技术研究[J]. 计算机工程, 2014, (1): 315-321.

Funding

National Natural Science Foundation of China (61100197, 61100198)

Journal

Computer Engineering (计算机工程), ISSN 1000-3428. Open access; indexed in PKU Core (北大核心), CSCD and CSTPCD.
