The Network Coordinative Forensics Technology Base on Data Provenance
At present there is no good security tool that can directly apply association analysis to multi-step attacks in a network and reconstruct the intrusion process to obtain criminal evidence. A new approach to network coordinative forensics based on data provenance is therefore presented: set up a log server with the SYSLOG mechanism, obtain log provenance databases with Perm rewrite technology, locate the multi-step attacker with where-provenance, and reconstruct the attack process with why-provenance. Data provenance theory and experimental results show that the new approach is feasible and effective.
association analysis; coordinative forensics; multi-step attack; data provenance; Perm
Huang Wen, Wen Chun-sheng
Network Center, Hunan University of Science and Engineering, Yongzhou, China
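International conference
Chongqing
English
557-561
2011-08-20 (date first posted online on the Wanfang platform; does not represent the paper's publication date)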