Study on the Dynamic Computer Forensic Evaluation Model Based on Business User's Behavior
-
摘要: 对复杂信息系统的业务用户行为和网络取证进行了研究,结合木马技术提出了基于业务用户行为的计算机动态取证评估模型,该模型构建了基于云模型的业务用户行为定量评估方法。通过仿真实验验证了模型评估的合理性,同时验证了该模型能实时隐蔽地记录用户行为,并能确保将获取的信息反馈给取证控制端,为计算机动态取证的研究提供了一种可行的技术方案。
-
[1] 郭树凯, 田立勤, 沈学利. FAHP在用户行为信任评价中的研究[J]. 计算机工程与应用, 2011, 47(12): 59-61. GUO Shu-kai, TIAN Li-qin, SHEN Xue-li. Research on FAHP method in user behavior trustcomputation[J]. Computer Engineering and Application, 2011, 47(12): 59-61. [2] 刘庆云, 张冬艳, 谭建龙, 等. 基于多维属性的网络行为控制策略[J]. 清华大学学报(自然科学版), 2013, 53(12): 1682-1687. LIU Qing-yun, ZHANG Dong-yan, TAN Jian-long, et al. Network behavior control strategy based on multi dimension attribute[J]. Journal of Tsinghua University (Science and Technology), 2013, 53(12): 1682-1687. [3] HALBOOB W, ABULAISH M, ALGHATHBAR K S. Quaternary privacy-levels preservation in computer forensics investigation process[C]//IEEE International Conference on Communications. [S.l.]: IEEE, 2011: 777-782. [4] KE Hung-jui, LIU J, WANG Shiuh-jeng, et al. Hash-algorithms output for digital evidence in computer forensics[C]//IEEE International Conference on Communications. [S.l.]: IEEE, 2011: 399-404. [5] ELEAZAR A A, MARIKO N M, HECTOR M P M. Network forensics with neurofuzzy techniques[C]//IEEE International Conference on Circuits and Systems. [S.l.]: IEEE, 2009: 848-850. [6] HOELZ B W P, RALHA C G, GEEVERGHESE R, et al. A cooperative multi-agent approach to computer forensics [C]//IEEE International Conference on Communication. [S.l.]: IEEE, 2008: 477-483. [7] 戴硕, 杜晔. 一种异构分布式防火墙与入侵检测联动构架的通信机制[J]. 微电子学与计算机, 2009, 26(8): 94-97. DAI Shuo, DU Ye. Communication mechanism design for heterogeneous distributed interaction framework between firewall and IDS[J]. Microelectronics & Computer, 2009, 26(8): 94-97. [8] 杨卫平, 段丹青. 基于多Agent的分布式计算机动态取证模型研究[J]. 计算机应用与软件, 2008, 25(3): 81-83. YANG Wei-ping, DUAN Dan-qing. A distributed computer dynamic forensics model based on multi-agent[J]. Computer Applications and Software, 2008, 25(3): 81-83. [9] ZHOU Gang, MAI Yong-hao, CAO Qiang. Design and implementation of VEEL archive system for computer forensics[C]//IEEE International Conference on Communication. [S.l.]: IEEE, 2010: 138-141. [10] 王延中. 一种基于云计算环境的动态取证模型研究[J]. 计算机测量与控制, 2012, 20(11): 3066-3069. WANG Yan-zhong. Dynamic forensic model based on cloud computing environment[J]. Computer Measurement & Control, 2012, 20(11): 3066-3069. [11] 张仕斌, 许春香.基于云模型的信任评估方法研究[J].计算机学报, 2013, 35(2): 422-431. ZHANG Shi-bin, XU Chun-xiang. Study on the evaluation approach based on cloud model[J]. Chinese Journal of Computers, 2013, 35(2): 422-431. [12] WANG Dan-chen, XU Yang, PU Wei. An information system security evaluation method of business operation targeting the service composition[C]//Decision Making and Soft Computing Proceedings of the 11th International FLINS Conference. Danvers: world scientific, 2014: 589-594. [13] ZHANG Shi-bin, XU Chun-xiang, CHANG Yan, et al. Study on trusted access model based on user behavior[J]. International Journal of Advancements in Computing Technology, 2013, 5(1): 486-495. [14] 苗夺谦, 王国胤.云模型与粒计算[M]. 北京: 科学出版社, 2012. MIAO Duo-qian, WANG Guo-ying. The cloud model and granular computing[M]. Beijing: Science Press, 2012. [15] 罗文华. 木马恶意程序电子数据取证环境的构建[J]. 警察技术, 2012, 22(2): 39-42. LUO Wen-hua. The construction of the electronic data forensics environment of Trojan horse[J]. Police Technology, 2012, 22(2): 39-42. [16] 吴坤鸿, 舒辉, 董卫宇. 内核脱钩技术在检测rootkit木马信息隐藏中的应用[J]. 计算机工程与设计, 2008, 19(14): 3635-3638. WU Kun-hong, SHU Hui, DONG Wei-yu. Application of kernel decoupling technique in detection of rootkit Trojan information hiding[J]. Computer Engineering and Design, 2008, 19(14): 3635-3638.
点击查看大图
计量
- 文章访问数: 5130
- HTML全文浏览量: 127
- PDF下载量: 423
- 被引次数: 0