Network forensics based on scenario reconstruction and alert aggregation

DONG Xiao-mei;ZHAO Qian;LI Xiao-hua;FEI Ya-jie;College of Information Science and Engineering,Northeastern University;Department of Information Engineering,Shenyang Institute of Engineering;

Abstract: A network forensics method is proposed that consists of four stages: alert standardization, alert redundancy reduction, scenario reconstruction and alert aggregation. Alerts raised by attacks that failed are removed, which reduces the interference of failed attacks with the forensics process. During scenario reconstruction, an inverse association method removes evidence that is not needed, and isolated alerts are added back so that the evidence chain stays complete. During alert aggregation, alerts that describe the same attack step at different levels of detail are merged. The intrusion scenario is reconstructed at both an abstract layer and a specific layer. Finally, experiments verify the effectiveness of the proposed method.
  • DOI: 10.13195/j.kzyjc.2012.1764
  • Classification Code: TP393.08


Pages: 39-44 (6 pages)
