A Self-adaptive Mechanism for Dynamic Forensics  Cited by: 4

Self-adaptive Mechanism of Dynamic Forensics


Authors: Chen Lin (陈琳) [1], Li Zhitang (李之棠) [1,2], Gao Cuixia (高翠霞) [1]

Affiliations: [1] School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074; [2] Network Center, Huazhong University of Science and Technology, Wuhan 430074

Source: Computer Science (计算机科学), 2009, No. 11, pp. 65-67 and 156 (4 pages)

Funding: National Natural Science Foundation of China (60573120)

Abstract: As network intrusion and computer-crime techniques develop, dynamic forensics is becoming increasingly important. Approaches that use intrusion detection systems and honeypots to collect intrusion evidence have a clear advantage in real-time performance, but they give little attention to the reliability of the evidence, and of the system itself, while the system is under attack, and the right moment to start collecting evidence is hard to judge. This paper proposes a self-adaptive dynamic forensics method that uses the intrusion detection system as the forensics trigger and a shadow honeypot to confirm suspected attacks and observe and analyse them further, adapting the forensics process as it goes so that key evidence is captured. The mechanism is then modelled as a finite state machine, and its key techniques (the timing of state transitions, the shadow honeypot, and secure evidence storage) are described. A dynamic forensics system built on this mechanism tolerates intrusion to a certain degree, keeps the investigation process under control, and noticeably reduces the volume of unnecessary evidence.

Keywords: dynamic forensics; shadow honeypot; self-adaptive; finite state machine

Classification: TP393 [Automation and Computer Technology / Computer Application Technology]
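The following is an added illustration, not code from the paper or its authors: a small finite state machine in Python in the spirit of the mechanism the abstract describes, where an IDS alert is the trigger, a shadow honeypot confirms or clears the suspicion, and evidence is only persisted once an attack is confirmed. The state names (MONITORING, SUSPECTED, CONFIRMED, ARCHIVED), the transition conditions (a "benign" verdict from the honeypot, an idle timeout), the event format and the SHA-256 hash-chained evidence store are all assumptions; the paper's own state set, transition timing and storage method are not on this page. The sample traces are constructed.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum, auto
from typing import List


class State(Enum):
    MONITORING = auto()  # IDS watches; nothing is persisted (assumed state set)
    SUSPECTED = auto()   # IDS alert fired; suspect session handed to the shadow honeypot
    CONFIRMED = auto()   # honeypot observed attack behaviour; every event is recorded
    ARCHIVED = auto()    # incident closed; evidence chain sealed


@dataclass
class Event:
    source: str          # "ids" or "honeypot" (assumed event sources)
    kind: str            # "alert", "confirm", "benign", "activity", "idle"
    detail: str = ""


@dataclass
class Record:
    seq: int
    prev_hash: str
    payload: str
    digest: str = ""


class EvidenceChain:
    """Append-only SHA-256 hash chain standing in for the 'secure evidence storage'
    the abstract mentions (an assumption; the paper's method is not on this page).
    Each digest covers the previous digest, so altering or dropping a record breaks verify()."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.records: List[Record] = []

    @staticmethod
    def _digest(seq: int, prev: str, payload: str) -> str:
        return hashlib.sha256(f"{seq}|{prev}|{payload}".encode()).hexdigest()

    def append(self, payload: str) -> Record:
        prev = self.records[-1].digest if self.records else self.GENESIS
        seq = len(self.records)
        rec = Record(seq, prev, payload, self._digest(seq, prev, payload))
        self.records.append(rec)
        return rec

    def verify(self) -> bool:
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            if rec.seq != i or rec.prev_hash != prev or rec.digest != self._digest(i, prev, rec.payload):
                return False
            prev = rec.digest
        return True


class ForensicsFSM:
    """IDS alert -> SUSPECTED; honeypot confirmation -> CONFIRMED (capture on);
    honeypot 'benign' or an idle timeout -> back to MONITORING with nothing persisted."""

    def __init__(self, idle_limit: int = 3) -> None:
        self.state = State.MONITORING
        self.chain = EvidenceChain()
        self.pending: List[str] = []   # alert context held until confirmed or discarded
        self.idle = 0
        self.idle_limit = idle_limit   # assumed timeout, in idle ticks

    def step(self, ev: Event) -> State:
        self.idle = self.idle + 1 if ev.kind == "idle" else 0
        if self.state is State.MONITORING:
            if ev.source == "ids" and ev.kind == "alert":
                self.pending = [f"ids alert: {ev.detail}"]
                self.state = State.SUSPECTED
        elif self.state is State.SUSPECTED:
            if ev.source == "honeypot" and ev.kind == "confirm":
                for p in self.pending:           # persist the trigger only once confirmed
                    self.chain.append(p)
                self.pending = []
                self.chain.append(f"honeypot confirm: {ev.detail}")
                self.state = State.CONFIRMED
            elif (ev.source == "honeypot" and ev.kind == "benign") or self.idle >= self.idle_limit:
                self.pending = []                # false positive or nothing followed: discard
                self.state = State.MONITORING
            elif ev.kind != "idle":
                self.pending.append(f"{ev.source} {ev.kind}: {ev.detail}")
        elif self.state is State.CONFIRMED:
            if self.idle >= self.idle_limit:
                self.chain.append("incident closed")
                self.state = State.ARCHIVED
            elif ev.kind != "idle":
                self.chain.append(f"{ev.source} {ev.kind}: {ev.detail}")
        return self.state


def run(events: List[Event]) -> ForensicsFSM:
    fsm = ForensicsFSM()
    for ev in events:
        fsm.step(ev)
    return fsm


# Constructed sample traces (not from the paper).
FALSE_POSITIVE = [Event("ids", "alert", "port scan signature"), Event("honeypot", "benign", "no follow-up")]
REAL_ATTACK = [
    Event("ids", "alert", "SQLi signature on /login"),
    Event("honeypot", "confirm", "UNION SELECT against mirrored app"),
    Event("honeypot", "activity", "read of users table"),
    Event("ids", "alert", "outbound transfer"),
] + [Event("ids", "idle")] * 3

if __name__ == "__main__":
    fp = run(FALSE_POSITIVE)
    print(fp.state.name, len(fp.chain.records))                                # MONITORING 0
    real = run(REAL_ATTACK)
    print(real.state.name, len(real.chain.records), real.chain.verify())       # ARCHIVED 5 True
```

The two traces show the property the abstract claims for the mechanism: a suspicion the shadow honeypot clears leaves no evidence behind, while a confirmed attack persists the original trigger, the confirmation and everything observed afterwards, and the chain seals itself once activity stops. Flipping any stored payload makes verify() return False.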
