计算机工程与设计
COMPUTER ENGINEERING AND DESIGN
2010
Issue 7
Pages 1429-1432
(4 pages in total)
risk assessment; information entropy; digital forensics; incident response process model
To improve the accuracy and efficiency of computer crime forensics, an incident response process model based on risk assessment is proposed. First, the incident response process model is analyzed. The analysis points out that the model is mainly aimed at collecting evidence from network systems that are already suspected, and that it is incomplete in the forensic preparation phase and too general in its analysis. To address this, a risk assessment method is introduced to evaluate the network system comprehensively: information entropy is used to obtain the entropy weight of each risk factor, and from these the risk level of the network is determined, so that suspicious networks can be identified effectively and digital forensics carried out on them. Finally, the technologies involved in the forensic process under this model are described.