检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]武汉大学电子信息学院,武汉430079 [2]通信指挥学院二系,武汉430010
出 处:《电子科技大学学报》2013年第3期350-354,共5页Journal of University of Electronic Science and Technology of China
基 金:高等学校博士学科点专项科研基金(20040486049)
摘 要:针对网络取证因果关联证据融合方法存在的算法复杂、重现场景不够精确等问题,提出了基于隐马尔科夫模型的网络取证证据融合方法,阐述了应用隐马尔科夫模型进行证据融合的可行性。该方法以元证据序列作为随机观察序列,以网络入侵步骤作为随机状态序列,通过对元证据序列进行解码操作,找寻最可能的网络入侵步骤并据此回溯证据链。实验结果表明,与基于贝叶斯网络的多源证据融合方法相比,该方法的算法复杂度和抵御干扰项的能力均得到了明显的改善,该方法能够以较小的代价较精确地重现网络入侵的犯罪现场。To improve the algorithm complexity and the accuracy of reproduced scene, a new method for the evidence fusion of the network forensics on the hidden Markov models (HMM) is proposed. The feasibility of this method is expounded. By taking the sequence of the meta-evidenee as the random observation sequence, and the network intrusion step as the random state sequence, the most likely network intrusion step is inferred by the decoding operation aimed at the sequence of the meta-evidence and the chain of the evidence is backtracked accordingly. When they are applied in the same problem, the algorithm complexity and the anti-interference ability of the proposed method are dramatically modified compared with the method of Bayesian network. Therefore, the proposed method has a good ability in the cost to reproduce the scene of the crime.
分 类 号:TN915.08[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.229