计算机学报
CHINESE JOURNAL OF COMPUTERS
2014
Issue 5
1184-1194
11 pages in total
田志宏%余翔湛%张宏莉%方滨兴
intrusion forensics%evidence reasoning network%vulnerability%evidence chain%information security%network security
Based on an analysis of the problems in existing network intrusion forensics systems, this paper proposes NetForensic, a real-time network intrusion forensics method based on an evidence reasoning network. The method introduces the concept of vulnerability correlation into the field of network intrusion forensics and builds the evidence reasoning network from the network system's vulnerabilities and environmental information. Using the multi-stage attack reasoning ability provided by the evidence reasoning network, NetForensic reconstructs attack scenarios efficiently. Experimental data show that NetForensic supplies a complete and credible chain of evidence and is capable of real-time reasoning, which provides a strong guarantee for rapid and effective evidence investigation.