Abstract
Traditional computer forensic techniques are mostly rule-based detection: effective data evidence is extracted by constructing a sound rule base and keywords. To address the shortcomings of traditional forensic techniques, a new intelligent neural network computer forensics model is designed. It learns the neural network inputs from the successful detection results of mature products, adjusts the rule base input through expert-database preprocessing, and adapts the output of the open-source Snort intrusion detection software to suit neural network learning and training. The neural network gives early warning of suspicious information, and detection then focuses on the related information.
Source
Journal of Kunming University (《昆明学院学报》)
2017, No. 3, pp. 54-57 (4 pages)
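Funding
Ministry of Public Security Science and Technology Innovation Funded Project (2013YYCXYNST078)
Yunnan Provincial Key Laboratory of Criminal Science Research Funded Project (YJXK16005)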