Conference topic

A Model of Online Attack Detection for Computer Forensics

With network attacks occurring frequently, network security products are practically unable to guard against every intrusion method. A model of online attack detection for computer forensics is proposed to collect crime evidence of attacks. In this model, an association rule mining algorithm is used to mine association rules from attack events and build the attack signature database. After capturing network data packets and performing pattern matching according to the protocol analysis results of the raw data, attack behavior is detected, and the signature database is continually updated with the signatures of newly observed attack behavior. SSL encryption and authentication are used in data packet transmission, which prevents information leakage and tampering and keeps the data in its original form. Serious attack behaviors are detected and saved in the evidence database, where they can be used as primary evidence for computer forensics. Simulation results show that the association rule mining algorithm improves the efficiency of network attack behavior recognition. After a new attack behavior is discovered, the security system reconstructs the attack behavior in its entirety. The model can be used for the next step of the forensic process.

Keywords: network attacks; attack detection; association rule mining; pattern matching; computer forensics

Zhong Xiu-yu

School of Computer Science, Jiaying University, Meizhou, Guangdong, China

International conference

The 2010 International Conference on Computer Application and System Modeling (ICCASM 2010)

Taiyuan

English

Pages 533-537

2010-10-22 (date the record was first posted on the Wanfang platform; not the paper's publication date)