
Forensic Analysis Method of Behavior Profiling on Artificial Immunity (人工免疫行为轮廓取证分析方法)

Journal article. Cited by: 2
Abstract: To address the low efficiency of current data-mining-based forensic analysis methods, this paper proposes a forensic analysis method that uses an immune clonal algorithm to construct a behavior profile made of frequent long patterns. The method takes the behavior data as antigens and the candidate patterns of frequent itemsets as antibodies, uses the support of an antibody over the antigens as the affinity function, a key attribute as the constraint condition and the minimum support as the screening condition, and builds the behavior profile of frequent long patterns by applying immune clonal operations to the antibodies. Anomalous data are then detected by walking the audit data through the profile and matching each record against its entries. In experiments on the same problem, compared with a forensic analysis method based on the Apriori-CGA algorithm, both the time to build the behavior profile and the time to detect anomalous data are greatly reduced. The method therefore helps to raise the efficiency of forensic analysis and electronic crime investigation and to narrow the scope of the evidence that needs to be examined first.
Source: Journal of University of Electronic Science and Technology of China (电子科技大学学报), 2010, No. 6, pp. 911-914, 919 (5 pages). Indexed in EI, CAS, CSCD and the Peking University core journal list.
Funding: Specialized Research Fund for the Doctoral Program of Higher Education (20040486049); National High Technology Research and Development Program of China (2002AA1Z1490).
Keywords: artificial immunity; behavior profiling; computer forensics; computer security; data mining; electronic crime countermeasures; information analysis; pattern matching
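The mining and matching procedure summarized in the abstract, as an added toy example written for this page (it is not the authors' code, whose exact clone and mutation operators the abstract does not give): an antibody is a candidate itemset seeded with one value of the key attribute, its affinity is its support count over the antigen records, antibodies below the minimum support are screened out, each survivor spawns clones in proportion to its affinity, every clone mutates by gaining one item, and an antibody with no frequent extension left is mature and enters the profile. Audit records that contain no profile pattern for their key value are reported together with the closest pattern and the items they lack. The sample records, the `ceil(beta * affinity)` clone rule and all function names are assumptions.

```python
"""Immune clonal construction of a frequent-long-pattern behavior profile,
followed by profile matching over audit records. Added illustration written
for this page; the authors' own operators are not specified in the abstract."""
from collections import Counter
from math import ceil


def rec(user, src, hour, action, result):
    """One audit record as a set of attribute=value items."""
    return frozenset({f"user={user}", f"src={src}", f"hour={hour}",
                      f"action={action}", f"result={result}"})


# Constructed known-good behavior data (the antigens); not real logs.
BASELINE = [
    rec("alice", "10.0.0.5", "09", "login", "ok"),
    rec("alice", "10.0.0.5", "09", "login", "ok"),
    rec("alice", "10.0.0.5", "10", "login", "ok"),
    rec("alice", "10.0.0.5", "09", "read", "ok"),
    rec("alice", "10.0.0.7", "09", "login", "ok"),
    rec("alice", "10.0.0.5", "09", "login", "fail"),
    rec("bob", "10.0.0.9", "22", "login", "ok"),
    rec("bob", "10.0.0.9", "22", "login", "ok"),
    rec("bob", "10.0.0.9", "23", "login", "ok"),
    rec("bob", "10.0.0.9", "22", "read", "ok"),
    rec("carol", "10.0.0.3", "12", "login", "ok"),   # too rare to profile
]

# Constructed audit data to check against the profile.
AUDIT = [
    rec("alice", "10.0.0.5", "09", "login", "ok"),       # normal
    rec("alice", "203.0.113.8", "03", "login", "ok"),    # new source, odd hour
    rec("bob", "10.0.0.9", "22", "read", "ok"),          # normal
    rec("mallory", "10.0.0.9", "22", "login", "ok"),     # unknown key value
    rec("bob", "10.0.0.9", "23", "login", "fail"),       # failed login
]


def attr(item):
    return item.split("=", 1)[0]


def build_profile(antigens, key_attr="user", min_count=3, beta=2.0, max_gen=20):
    """Return the set of mature antibodies (maximal frequent patterns)."""
    counts = Counter(i for a in antigens for i in a)
    # Key-attribute constraint: every antibody is seeded with one key item.
    population = {frozenset([i]) for i in counts if attr(i) == key_attr}
    seen = set(population)
    profile = set()
    for _ in range(max_gen):
        if not population:
            break
        next_pop = set()
        for ab in population:
            matched = [a for a in antigens if ab <= a]
            affinity = len(matched)            # support count of the pattern
            if affinity < min_count:           # minimum-support screening
                continue
            # One-item mutations worth trying: items frequent within the
            # records this antibody already covers (conditional support).
            cond = Counter(i for a in matched for i in a
                           if i not in ab and attr(i) != key_attr)
            cands = sorted((i for i, c in cond.items() if c >= min_count),
                           key=lambda i: (-cond[i], i))
            if not cands:
                profile.add(ab)                # mature: cannot grow further
                continue
            # Clone count grows with affinity (assumed rule: ceil(beta*aff));
            # each clone mutates by gaining one candidate item.
            for item in cands[:max(1, ceil(beta * affinity))]:
                clone = ab | {item}
                if clone not in seen:
                    seen.add(clone)
                    next_pop.add(clone)
        population = next_pop
    return profile


def detect(profile, audit, key_attr="user"):
    """Walk each audit record through the profile. A record is normal when it
    contains at least one profile pattern for its key value; otherwise it is
    reported as (index, closest pattern or None, items it lacks)."""
    anomalies = []
    for idx, record in enumerate(audit):
        key = {i for i in record if attr(i) == key_attr}
        relevant = [p for p in profile if key <= p]
        if any(p <= record for p in relevant):
            continue
        closest = min(relevant, key=lambda p: (-len(p & record), sorted(p)),
                      default=None)
        missing = sorted(closest - record) if closest else []
        anomalies.append((idx, closest, missing))
    return anomalies


if __name__ == "__main__":
    prof = build_profile(BASELINE)
    for p in sorted(prof, key=sorted):
        print("profile:", sorted(p))
    for idx, closest, missing in detect(prof, AUDIT):
        print(f"anomaly #{idx}: {sorted(AUDIT[idx])} lacks {missing}")
```

Patterns grow by one item per generation, and an antibody only enters the profile when no extension reaches the minimum support, so every emitted pattern is maximal. With `beta` large enough that every candidate mutation is cloned, the profile equals the maximal frequent itemsets an Apriori-style miner would return under the same key-attribute constraint; a smaller `beta` clones only the highest-support mutations and trades completeness for speed. Two practitioner caveats: the profile is only as clean as the baseline, so attacker activity already present in the known-good data is whitelisted, and a record whose key value has no profile at all (the `mallory` record above) is flagged with no closest pattern and usually deserves its own investigation.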
References (12)

  • 1. PEISERT S, BISHOP M, KARIN S, et al. Analysis of computer intrusions using sequences of function calls[J]. IEEE Transactions on Dependable and Secure Computing, 2007, 4(2): 137-150.
  • 2. 马新新, 赵洋, 秦志光. Improving resilience against DDoS attack in unstructured P2P networks[J]. Journal of Electronic Science and Technology of China, 2007, 5(1): 18-22. (cited by 6)
  • 3. HERRERIAS J, GOMEZ R. A log correlation model to support the evidence search process in a forensic investigation[C]//Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering. New York: IEEE Computer Society Press, 2007: 31-42.
  • 4. ABRAHAM T, VEL O. Investigative profiling with computer forensic log data and association rules[C]//Proceedings of the 2002 IEEE International Conference on Data Mining. New York: IEEE Computer Society Press, 2002: 11-18.
  • 5. ABRAHAM T. Event sequence mining to develop profiles for computer forensic investigation purposes[C]//Proceedings of the 2006 Australasian Workshops on Grid Computing and e-Research. Darlinghurst, Australia: Australian Computer Society, 2006: 145-153.
  • 6. CASTRO L N, ZUBEN F J. The clonal selection algorithm with engineering applications[C]//Proceedings of GECCO'00, Workshop on Artificial Immune Systems and Their Applications. New York: ACM Press, 2000: 36-37.
  • 7. TIMMIS J, HONE A, STIBOR T, et al. Theoretical advances in artificial immune systems[J]. Theoretical Computer Science, 2008, 403(1): 11-32.
  • 8. KHILWANI N, PRAKASH A, SHANKAR R, et al. Fast clonal algorithm[J]. Engineering Applications of Artificial Intelligence, 2008, 21(1): 106-128.
  • 9. 金可仲. Application of association rule mining with key-attribute constraints to log analysis[J]. Journal of Wenzhou University (Natural Science Edition), 2008, 29(1): 56-60. (cited by 2)
  • 10. AGRAWAL R, SRIKANT R. Fast algorithms for mining association rules[C]//Proceedings of the 20th International Conference on Very Large Data Bases. San Francisco: Morgan Kaufmann Publishers, 1994: 487-499.

Secondary references: 10. Co-citing references: 6.

Co-cited references (17)

  • 1. 王一淼, 彭宏, 陈龙. An active forensics method based on intrusion detection systems[J]. Application Research of Computers (计算机应用研究), 2007, 24(5): 278-279. (cited by 4)
  • 2. MUKKAMALA S, SUNG A H. Identifying significant features for network forensic analysis using artificial intelligent techniques[J]. International Journal of Digital Evidence, 2003, 1(4): 1-17.
  • 3. NASRAOUI O, GONZÁLEZ F, CARDONA C, et al. A scalable artificial immune system model for dynamic unsupervised learning[C]//Proceedings of GECCO 2003. Berlin, Heidelberg: Springer-Verlag, 2003: 219-230.
  • 4. PORTNOY L, ESKIN E, STOLFO S J. Intrusion detection with unlabeled data using clustering[C]//ACM Workshop on Data Mining Applied to Security. New York: ACM Press, 2001: 1-14.
  • 5. STOLFO S J, FAN W, LEE W, et al. KDD CUP'99 task description[EB/OL]. (1999-10-28) [2009-05-08]. http://kdd.ics.uci.edu/databases/kddcup99/task.html.
  • 6. NASRAOUI O, CARDONA C, ROJAS C, et al. TECNO-STREAMS: Tracking evolving clusters in noisy data streams with a scalable immune system learning model[C]//Proceedings of the Third IEEE International Conference on Data Mining. New York: IEEE Computer Society Press, 2003: 348-356.
  • 7. HUANG Zhexue. Clustering large data sets with mixed numeric and categorical values[C]//Proceedings of the First Pacific-Asia Conference on Knowledge Discovery and Data Mining. Singapore: World Scientific, 1997: 21-37.
  • 8. The UCI KDD Archive, Information and Computer Science, University of California. KDD CUP'99 data[EB/OL]. (1999-10-28) [2009-07-30]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
  • 9. WANG Wei, DANIELS T E. A graph based approach toward network forensics analysis[J]. ACM Transactions on Information and System Security, 2008, 12(1): 4:1-4:33.
  • 10. WANG Wei, DANIELS T E. Network forensics analysis with evidence graphs[C]//2005 Digital Forensic Research Workshop. New Orleans: DFRWS, 2005: 1-6.

Citing references: 2. Secondary citing references: 5.
