«上一篇/Previous Article|本期目录/Table of Contents|下一篇/Next Article»

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:

期数:

2006年04期

页码:

215-217

栏目:

计算机安全

出版日期:

1900-01-01

文章信息/Info

Title:

Design of Protocol Analysis Based IDS and Dynamic Computer Forensic System

文章编号:

1005-3751（2006）04-0215-03

作者:

杨卫平¹; 2 黄烟波¹ 段丹青¹; 2 黄伟平¹

[1]中南大学信息科学与工程学院[2]湖南公安高等专科学校

Author(s):

YANG Wei-ping;  HUANG Yan-bo;  DUAN Dan-qing ; HUANG Wei-ping

[1]College of Information Science and Engineering, Central South University[2]Hunan Public Security College

关键词:

计算机取证; 电子证据; 入侵检测; 证据提取

分类号:

TP393.08

文献标志码:

A

摘要:

计算机取证技术分为静态取证和动态取证两种。静态取证技术由于采用事后分析的方法提取证据，因而证据的采集不够全面，同时恢复的数据可能是已经被篡改的数据，因而法律效力低。文中将计算机取证技术与入侵检测技术结合，提出一种基于协议分析的网络入侵动态取证系统。该系统采用基于协议分析的入侵检测方法，提高了入侵检测效率及数据分析能力，有助于解决动态取证的实时性；同时系统采取了较全面的安全机制，确保收集的电子证据的真实性、有效性、不可篡改性，是动态计算机取证的一种较好解决方案

Abstract:

The computer forensic mainly consists of two techniques： the static forensic and dynamic forensic. The static computer forensic collects electronic evidences after the intrusion has happened, so it＇s difficult to collect the evidences entirely and even the recovered files may has been modified, the collected electronic evidences are not so available in law. The paper provides a dynamic computer forensic system combined computer forensic technology and intrusion detection system based on protocol analysis. The system can improve the efficiency of intrusion detection and the ability of data analysis by using the protocol analysis method. It＇s helpful to realize collecting electronic ew idences dynamically in real-time. The system also uses several kinds of network safe mechanisms to ensure the accuracy, validity, immutability of the electronic evidences. It＇s a good solution of dynamic computer forensic

备注/Memo

备注/Memo:

湖南省教育厅青年项目（0313009）;湖南省公安厅科研项目资助（湘公科[2003]14号）杨卫平（1969-），男，湖南益阳人，硕士，讲师，研究方向为网络技术；黄烟波，教授，研究方向为网络技术

常用功能

更新日期/Last Update: 1900-01-01