Journal of Software (软件学报)
2007, No. 10, pp. 2635-2644 (10 pages)
Keywords: network forensics; fuzzy decision tree; data mining; feature extraction; intrusion detection
Abstract: Network forensics is a necessary extension of the existing network security infrastructure and has become a research focus for forensic investigators and network security researchers. Conducting it still faces many challenges: the sheer volume of data a network generates, the comprehensibility of the evidence extracted from the collected data, and the efficiency of the evidence analysis methods, among others. To address these challenges, this paper exploits the strong learning capability of decision tree technology together with the comprehensibility that fuzzy logic lends to the analysed results, and develops a fuzzy decision tree based network forensics system to help an investigator analyse computer crime in network environments and extract digital evidence automatically. The paper presents experimental results for the proposed method and a comparison against other popular methods. The results show that the system can classify most kinds of network events (91.16% correct classification rate on average), provides analysed and comprehensible information to the forensic expert, and automates or semi-automates the process of forensic analysis.
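The abstract names two properties of a fuzzy decision tree that matter to an investigator: a record is not forced down a single branch but follows every branch it partially belongs to, and each root-to-leaf path reads as a linguistic rule. The following Python block is an added illustration of that inference and rule rendering; it is not the paper's system or code. The tree is hand-built for the example (standing in for one a fuzzy ID3-style learner would induce from labelled traffic), and the feature names (`conn_rate`, `bytes`, `same_port_ratio`), the membership breakpoints and the labelled records are all constructed assumptions, chosen so that one deliberately borderline record is misclassified and the computed classification rate is below 100%.

```python
"""Fuzzy decision tree inference over per-source network connection summaries.

Added illustration of the technique, NOT the paper's system. The tree,
feature names, breakpoints and records below are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def ramp_down(x: float, lo: float, hi: float) -> float:
    """Membership of the 'low' term: 1 at or below lo, 0 at or above hi."""
    if x <= lo:
        return 1.0
    if x >= hi:
        return 0.0
    return (hi - x) / (hi - lo)


# Feature -> (lo, hi) breakpoints (assumed). 'low' = ramp_down, 'high' = 1 - low,
# so the two terms of each feature always sum to 1.
BREAKPOINTS = {
    "conn_rate": (5.0, 50.0),        # new connections per second from one source
    "bytes": (100.0, 1000.0),        # mean payload bytes per connection
    "same_port_ratio": (0.3, 0.8),   # share of connections to the commonest dst port
}


def membership(feature: str, term: str, x: float) -> float:
    lo, hi = BREAKPOINTS[feature]
    low = ramp_down(x, lo, hi)
    return low if term == "low" else 1.0 - low


@dataclass
class Node:
    feature: str = ""                                          # "" marks a leaf
    children: Dict[str, "Node"] = field(default_factory=dict)  # term -> subtree
    leaf: Dict[str, float] = field(default_factory=dict)       # class -> weight


# Hand-built tree (assumed): bursts to one port look like a flood, bursts spread
# over many ports look like a scan, low rates are normal unless nearly payload-free.
TREE = Node("conn_rate", {
    "low": Node("bytes", {
        "low": Node(leaf={"normal": 0.8, "probe": 0.2}),
        "high": Node(leaf={"normal": 1.0}),
    }),
    "high": Node("same_port_ratio", {
        "high": Node(leaf={"dos": 1.0}),
        "low": Node(leaf={"probe": 1.0}),
    }),
})


def scores(node: Node, record: Dict[str, float], degree: float = 1.0,
           out: Optional[Dict[str, float]] = None) -> Dict[str, float]:
    """Fuzzy inference: the record follows every branch it has non-zero membership
    in, carrying min(degree, membership) (min t-norm); leaf weights accumulate."""
    if out is None:
        out = {}
    if not node.feature:
        for cls, w in node.leaf.items():
            out[cls] = out.get(cls, 0.0) + degree * w
        return out
    for term, child in node.children.items():
        mu = membership(node.feature, term, record[node.feature])
        if mu > 0.0:
            scores(child, record, min(degree, mu), out)
    return out


def predict(record: Dict[str, float]) -> str:
    s = scores(TREE, record)
    return max(s, key=s.get)


def rules(node: Node, path: Tuple[str, ...] = ()) -> List[str]:
    """Render each root-to-leaf path as a linguistic rule an investigator can read."""
    if not node.feature:
        cond = " AND ".join(path) or "TRUE"
        concl = ", ".join(f"{c} ({w:.2f})" for c, w in node.leaf.items())
        return [f"IF {cond} THEN {concl}"]
    out: List[str] = []
    for term, child in node.children.items():
        out += rules(child, path + (f"{node.feature} is {term}",))
    return out


# Constructed, labelled per-source summaries (not real traffic). The last record
# is deliberately borderline and is classified as probe although labelled normal.
LABELLED = [
    ({"conn_rate": 1, "bytes": 5000, "same_port_ratio": 1.0}, "normal"),
    ({"conn_rate": 2, "bytes": 300, "same_port_ratio": 0.5}, "normal"),
    ({"conn_rate": 200, "bytes": 40, "same_port_ratio": 0.95}, "dos"),
    ({"conn_rate": 120, "bytes": 0, "same_port_ratio": 0.05}, "probe"),
    ({"conn_rate": 30, "bytes": 60, "same_port_ratio": 0.1}, "probe"),
    ({"conn_rate": 60, "bytes": 80, "same_port_ratio": 0.9}, "dos"),
    ({"conn_rate": 8, "bytes": 2500, "same_port_ratio": 0.6}, "normal"),
    ({"conn_rate": 45, "bytes": 150, "same_port_ratio": 0.2}, "normal"),
]


def classification_rate(labelled) -> float:
    """Fraction of records whose predicted class matches the label."""
    hits = sum(predict(r) == label for r, label in labelled)
    return hits / len(labelled)


if __name__ == "__main__":
    for rule in rules(TREE):
        print(rule)
    for rec, label in LABELLED:
        print(label, "->", predict(rec), scores(TREE, rec))
    print("correct classification rate:", classification_rate(LABELLED))
```

The record with `conn_rate` 30 shows why the fuzzy traversal matters: it has membership 0.44 in "low" and 0.56 in "high", so both subtrees contribute and the scan leaf wins only after the contributions are summed; a crisp tree would have committed to one branch at the root. The rendered rules are the "comprehensible information" the abstract refers to, and the rate function is the same correct-classification measure the abstract reports, computed here over constructed data.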