Computer Engineering and Science, 2024, Vol. 46, Issue 7: 1229-1236, 8. DOI: 10.3969/j.issn.1007-130X.2024.07.011
An anti-forensic detection model based on causality calculation
Abstract
In modern network attacks, attackers often use various anti-forensics techniques to conceal their tracks. Among these techniques, data erasure is particularly harmful: attackers can use it to delete or destroy data, thereby destroying attack evidence and disrupting the forensics process. Because the erasure activity itself is concealed, it is difficult to detect. This paper proposes an anti-forensics check module (AFCM) that uses causality-based traceability technology. The model generates an alert traceability graph from alert information and calculates an anomaly score for each path in the graph based on attack behavior characteristics. Through further filtering and aggregation calculations, the attack path is ultimately generated. The experimental results show that this model can effectively achieve traceability tracking of anti-forensics erasure activities and improve the discrimination between anti-forensics data erasure attack activities and normal activities.

Keywords
anti-forensics / attack traceability / causal relationship / network security / data wiping

Classification
Information Technology and Security Science

Citation
Du Fang, Jiao Jian, Jiao Libo. An anti-forensic detection model based on causality calculation [J]. Computer Engineering and Science, 2024, 46(7): 1229-1236, 8.

Funding
National Natural Science Foundation of China (62202059)