Study of Network Forensics and its Application Techniques


Transcript:

MINI-MICRO SYSTEMS, Vol. 27, No. 3, Mar. 2006. E-mail: zyd@163.com. Classification code: TP393; Document code: A; Article ID: 1000-1220(2006)03-0558-05.

Study of Network Forensics and its Application Techniques

ZHANG You-dong 1,2, WANG Jian-dong 1, YE Fei-yue 1, CHEN Hui-ping 1, LI Tao 1
1 (Nanjing University of Aeronautics and Astronautics, Department of Computer Science and Engineering, Nanjing 210016, China)
2 (Huaiyin Institute of Technology, Department of Computer Engineering, Huaian 223001, China)

Abstract: At present the research of network forensics is far from mature and the use of nomenclature is very confused. This paper discusses the analysis techniques in network forensics and network forensic methods based on IDS, honeytrap, Agent, fuzzy ES and SVM, network monitor and so on. It is proposed how to design the network forensic systems based on the techniques of intrusion tolerance. To sum up, we discuss systematically the concepts, methods, realizing techniques and the development trend of the network forensics.

Key words: network forensics; intrusion detection; intrusion tolerance; expert system; SVM

1 (Chinese body text missing from the transcript; surviving fragments:) (Digital Forensics) (Electric Forensics) (Computer Forensic) (Networks Forensics) Internet 90 Marcus Ranum [2] DFRWS 2001 1969 (Computer-Derived Evidence) [1] 30 2004 9 11 (Intrusion Forensics)

Received: 2004-12-01. Foundation item: (G1999032701). Author biographies: born 1967; born 1945.

[Page 559] (Chinese body text missing from the transcript; surviving fragments:) IDS (encoding) (Encryption) (chain of custody) (Forensic Computing) [3] 4 (Electric Evidence) IDS SVM; (IDS 5) 1 IDS [10] tcpdump [11] tcpdump Vicka Corey [12] [4] tcpdump; 5.2 Ethereal, NetDetector, NetIntercept; (Honeytrap) (Honeypot) (Honeynet) (Sessionizing) [4]; 5 (IDS) IDS 1999 Yuill [5]; 2000 Stephenson (Intrusion Management model) [6]; Gross [7]; Monroe [8]; Sommer [9]; Alec Yasinsac and Yanet Manzano

[Page 560] (surviving fragments:) [13] 5.5 (Sensor) [14] [15] (the Federation of Decoy Networks) 5.6 5.3 (Network Tomography) [24] IDS CT (Probe Packet) [23] DDoS [23] 5.7 Agent [22] 5.4 Agent IDS IDS Agent: (Intrusion Tolerant System) [16] 5.8 SVM IDS Mukkamala, Sung [17] SVM ANN SVM ANN SVM 6 FESNF Jun-Sun Kim [18] FESNF 2:

[Page 561] (surviving fragments:) i Si Si (Time Α Protocol p) Α p p Α 2: rule form: IF X1 = A1 and X2 = A2 and ... and Xn = An THEN Y = Z (variables Xi, Y, Ai, Z of the IF-THEN rule). FESNF (five attack types): TCP port SCAN, TCP SYN Flooding, ICMP smurf, Land, Ping Of Death (Z1 to Z5). Further fragments: 7 (1) [19] (2) [20] (3) (4) [21] (5) [25] 8

References:
[1] Edward Wilding. Computer evidence: a forensic investigations handbook [Z]. Sweet & Maxwell; Computer Fraud & Security, January 1997, Elsevier Ltd.
[2] Marcus Ranum. Network flight recorder [EB/OL]. http://www.ranum.com
[3] Beebe, Clark. A hierarchical objectives-based framework for the digital investigations process [Z]. DFRWS, Baltimore, Maryland, August 2004.
[4] Vicka Corey et al. Network forensics analysis [C]. IEEE Internet Computing, November/December 2002.
[5] Jim Yuill, S Felix Wu, Fenmin Gong, et al. Intrusion detection for an on-going attack [C]. 2nd International Workshop on Recent Advances in Intrusion Detection (RAID 99).
[6] Peter Stephenson. Intrusion management: a top level model for securing information assets in an enterprise environment [C]. Proceedings of EICAR 2000, Brussels, Belgium, March 2000.
[7] Andrew H Gross. Analyzing computer intrusions [D]. PhD Thesis, University of California San Diego, San Diego, CA, 1997.
[8] BlackLab: a workbench for forensic analysts [Z]. Area Systems, Exodus Communications Inc, Columbia, MD, December 1999.
[9] Peter Sommer. Intrusion detection system as evidence [Z]. Recent Advances in Intrusion Detection (RAID 98).
[10] Peter Stephenson. The application of intrusion detection systems in a forensic environment [C]. Proceedings of the RAID 2000 Conference, Toulouse, France, 2000.
[11] Andrew Honig et al. Adaptive model generation: an architecture for deployment of data mining based intrusion detection systems [EB/OL]. http://citeseer.ist.psu.edu/
[12] Udo Payer. Realtime intrusion-forensics: a first prototype implementation [C]. TERENA Networking Conference 2004.
[13] Alec Yasinsac, Yanet Manzano. Policies to enhance computer and network forensics [C]. 2nd Annual IEEE Systems, Man, Cybernetics Information Assurance Workshop, June 2001.
[14] Alec Yasinsac, Yanet Manzano. Honeytraps, a network forensic tool [C]. Sixth Multi-conference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA, July 14-18, 2002.
[15] Barbara Jones Redmon. Maintaining forensic evidence for law enforcement agencies from a federation of decoy networks (CCIPS) [EB/OL]. http://www.cybercrime.gov/searching.html
[16] MCNC and D University. SITAR: a scalable intrusion tolerant architecture for distributed services [R]. Technical Report, Research Proposal to DARPA BAA 2000-15, 2000.
[17] Srinivas Mukkamala, Andrew H Sung. Identifying significant features for network forensic analysis using artificial intelligent techniques [J]. International Journal of Digital Evidence, Winter 2003, 1(4): 1-17.
[18] Jun-Sun Kim, Minsoo Kim, Bong-Nam Noh. A fuzzy expert system for network forensics [C]. The 2004 International Conference on Computational Science and Its Applications (ICCSA 2004), Perugia, Italy, LNCS, May 2004.
[19] Marcus K Rogers, Kate Seigfried. The future of computer forensics: a needs analysis survey [J]. Computers & Security, 2004, 23: 12-16.
[20] Marcelo Paulo. Standardization of computer forensic protocols and procedures [C]. 14th Annual FIRST Computer Security Conference, June 26, 2002.
[21] Frank Stajano. Security for ubiquitous computing [M]. Wiley, 2002.
[22] Ren Wei, Jin Hai. A framework of distributed agent-based active and real time network forensics system [Z]. DFRWS 2004.
[23] He Ye-ping. Application of malicious code in computer forensics [C]. The First National Workshop on Computer Forensics, Beijing, 2004.11.
[24] Xia Yang, Zhu Wei-ping. Research and development of network tomography [J]. Computer Engineering and Application, 2004, 40(13): 133-137.
[25] Wang Ling, Qian Hua-lin. Computer forensics and its future trend [J]. Journal of Software, 2003, 14(9): 1635-1644.