Fu Xiao, Xie Li. Filtering Intrusion Forensic Data Based on Attack Signatures[J]. Journal of Computer Research and Development, 2011, 48(6): 964-973.

Filtering Intrusion Forensic Data Based on Attack Signatures

  • Published Date: June 14, 2011
  • Computer forensics is a new field concerned with the processing of computer evidence. Because it is both important and practical, it has drawn more and more attention in recent years. Intrusion forensics is a specific area of computer forensics that is applied to computer intrusion activities. It is an active area because a large proportion of computer crimes are intrusion activities. When investigating intrusion activities, one key step is obtaining intrusion evidence. To obtain this kind of evidence automatically, an attack-signature-based method for filtering intrusion forensic data is proposed. It mainly includes the following steps: first, the detailed behaviors of the attack being investigated are reconstructed from its attack signatures; then, the attack features required by the filter are extracted from these details; finally, according to the similarity between the attack features and the candidate data, all evidence related to the attack being investigated can be obtained. Experimental results on DARPA 2000 demonstrate that the method has high accuracy and that its completeness is almost 100%. Compared with current methods, the method has several advantages. For example, it needs little manual work and can process more complex intrusion scenarios. Moreover, it has higher performance and can find more types of evidence.