Advanced Search
    Fu Xiao, Xie Li. Filtering Intrusion Forensic Data Based on Attack Signatures[J]. Journal of Computer Research and Development, 2011, 48(6): 964-973.
    Citation: Fu Xiao, Xie Li. Filtering Intrusion Forensic Data Based on Attack Signatures[J]. Journal of Computer Research and Development, 2011, 48(6): 964-973.

    Filtering Intrusion Forensic Data Based on Attack Signatures

    • Computer forensics is a new field on computer evidences process. This field is very important and practical, so it has drawn more and more attention in recent years. Intrusion forensics is a specific area of computer forensics, and has been applied to computer intrusion activities. It is a hot area because a large proportion of the computer crimes are intrusion activities. When investigating intrusion activities, one key step is obtaining intrusion evidences. In order to get this kind of evidences automatically, an attack-signature-based method for filtering intrusion forensic data is proposed. It mainly includes the following steps: Firstly, the detail behaviors of the attack being investigated are reconstructed based on its attack signatures; Then the attack features which are required by the filter are extracted from these details; Finally, according to the similarity between attack features and candidate data, all evidences related to the attack being investigated can be gotobtained. The experiment results on DARPA 2000 have proved that our method has high accuracy and its completeness is almost 100%. Compared with current methods, our method shows more advantages. For example it needs little manual work and can process more complex intrusion scenarios. Moreover, it has higher performance and can find more types of evidences.
    • loading

    Catalog

      Turn off MathJax
      Article Contents

      /

      DownLoad:  Full-Size Img  PowerPoint
      Return
      Return