[1] LIU Dong, NING Yu-fu. Research on Event Correlation in Construction of Evidence Chain[J]. Computer Technology and Development, 2016, 26(12): 107-110.

 Research on Event Correlation in Construction of Evidence Chain

Computer Technology and Development (《计算机技术与发展》) [ISSN:1006-6977/CN:61-1281/TN]

Volume:
26
Issue:
2016, No. 12
Pages:
107-110
Column:
Security and Prevention
Publication date:
2016-12-10

Article Info

Title:
 Research on Event Correlation in Construction of Evidence Chain
Article ID:
1673-629X(2016)12-0107-04
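Author(s):
 LIU Dong (刘栋), NING Yu-fu (宁玉富)
 Shandong Youth University of Political Science; Key Laboratory of Information Security and Intelligent Control in Universities of Shandong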
Keywords:
 computer forensics; event correlation; Bayesian network; evidence chain; electronic evidence
Classification number:
TP391
Document code:
A
Abstract:
 In electronic forensics work, preprocessing of electronic evidence data is often neglected, which leaves the evidence highly redundant and makes computation and analysis complex. To address the difficulty of formally representing electronic evidence in computer forensics and the problem of missing data, a method for constructing an evidence chain based on event correlation is proposed, built on a study and in-depth analysis of event correlation techniques and using Bayesian network theory. The method considers the mutual influence and sequence relationships between events, analyzes the causal relationships of missing data, and fits a complete evidence chain. It achieves a formal representation of electronic evidence and reduces the data redundancy of evidence analysis, so that data processing and evidence analysis can be more targeted, improving the forensic system. Analysis of the experimental results shows that the method achieves a formal representation of evidence and reduces the amount of data for evidence analysis.


Last Update: 2017-02-03