
Evidence Fusion Method for Network Forensics Based on Hidden Markov Models (cited by: 1)

Evidence Fusion of the Network Forensics on the Hidden Markov Models
Abstract: To address the high algorithmic complexity and the imprecise scene reconstruction of causal-correlation evidence fusion methods in network forensics, a network forensics evidence fusion method based on hidden Markov models is proposed, and the feasibility of applying hidden Markov models to evidence fusion is set out. The method takes the meta-evidence sequence as the random observation sequence and the sequence of network intrusion steps as the random state sequence; by decoding the meta-evidence sequence it finds the most likely sequence of intrusion steps and backtracks the evidence chain accordingly. Experimental results show that, compared with a multi-source evidence fusion method based on Bayesian networks, the proposed method improves markedly in both algorithmic complexity and resistance to interfering items, and can reconstruct the crime scene of a network intrusion fairly precisely at a relatively low cost.

Abstract (authors' English version): To improve the algorithm complexity and the accuracy of the reproduced scene, a new method for the evidence fusion of network forensics on hidden Markov models (HMM) is proposed, and the feasibility of this method is expounded. By taking the sequence of meta-evidence as the random observation sequence and the network intrusion step as the random state sequence, the most likely network intrusion step is inferred by a decoding operation on the sequence of meta-evidence, and the chain of evidence is backtracked accordingly. When applied to the same problem, the algorithm complexity and the anti-interference ability of the proposed method are dramatically improved compared with the Bayesian network method. Therefore, the proposed method reproduces the scene of the crime at a good cost.
Source: 《电子科技大学学报》 (Journal of University of Electronic Science and Technology of China), indexed in EI, CAS, CSCD and the Peking University core journal list, 2013, No. 3, pp. 350-354 (5 pages).
Funding: Specialized Research Fund for the Doctoral Program of Higher Education (20040486049).
Keywords: computer forensics; data fusion; hidden Markov models; network security.
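The decoding step described in the abstract, as an added illustration that is not the paper's own code or data: intrusion steps are the hidden states, meta-evidence classes are the observations, Viterbi decoding recovers the most likely step sequence, and the evidence chain is backtracked from it. The step names, evidence classes, probability tables and the sample sequence are all constructed for this example; "noise" models an interfering item that is equally likely under every step, so it does not pull the decoded path off course.

```python
import math

STEPS = ["recon", "exploit", "install", "exfil"]  # hidden states: intrusion steps (constructed)
OBS = ["portscan", "exploit_sig", "new_service", "big_upload", "noise"]  # meta-evidence classes (constructed)

START = [0.7, 0.1, 0.1, 0.1]  # P(first step), in STEPS order
TRANS = [  # P(next step | step); rows = from, cols = to, in STEPS order
    [0.50, 0.40, 0.05, 0.05],
    [0.05, 0.40, 0.50, 0.05],
    [0.05, 0.05, 0.40, 0.50],
    [0.10, 0.05, 0.05, 0.80],
]
EMIT = [  # P(evidence class | step); "noise" is equally likely under every step
    [0.70, 0.05, 0.05, 0.05, 0.15],
    [0.05, 0.70, 0.05, 0.05, 0.15],
    [0.05, 0.05, 0.70, 0.05, 0.15],
    [0.05, 0.05, 0.05, 0.70, 0.15],
]


def viterbi(observed):
    """Decode a list of evidence class names into the most likely intrusion step per item."""
    o = [OBS.index(x) for x in observed]
    n, k = len(o), len(STEPS)
    score = [[-math.inf] * k for _ in range(n)]  # log-probability of the best path ending in state s
    back = [[0] * k for _ in range(n)]  # predecessor state used for backtracking
    for s in range(k):
        score[0][s] = math.log(START[s]) + math.log(EMIT[s][o[0]])
    for t in range(1, n):
        for s in range(k):
            best, p = max((score[t - 1][q] + math.log(TRANS[q][s]), q) for q in range(k))
            score[t][s] = best + math.log(EMIT[s][o[t]])
            back[t][s] = p
    s = max(range(k), key=lambda i: score[n - 1][i])
    path = [s]
    for t in range(n - 1, 0, -1):
        s = back[t][s]
        path.append(s)
    return [STEPS[i] for i in reversed(path)]


def evidence_chain(observed):
    """Backtrack the evidence chain: indices of the non-noise items supporting each decoded step."""
    chain = {}
    for i, (ev, step) in enumerate(zip(observed, viterbi(observed))):
        if ev != "noise":
            chain.setdefault(step, []).append(i)
    return chain


# Constructed meta-evidence sequence containing two interfering items
SAMPLE = ["portscan", "noise", "exploit_sig", "new_service", "noise", "big_upload"]
if __name__ == "__main__":
    print(viterbi(SAMPLE))
    print(evidence_chain(SAMPLE))
```

The decoded path assigns each noise item to the step of its neighbours rather than disturbing the reconstruction, which is the anti-interference property the abstract claims for the approach.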