Institute of Software, Chinese Academy of Sciences (ISCAS) Institutional Repository (ISCAS OpenIR)
Title: 网络入侵取证智能分析技术研究 (Research on Intelligent Analysis Techniques for Network Intrusion Forensics)
Author: 刘在强 (Liu Zaiqiang)
Defense date: 2007-01-13
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of award: Institute of Software
Degree: Doctor (PhD)
Keywords: network forensics; computer forensics; fuzzy logic; decision tree; outlier
Alternative title: Intelligent Analysis Research for Techniques of Network Intrusion Forensics
Abstract (translated from the Chinese): Network forensic analysis is a frontier topic in machine learning, computer security and digital forensics. Research on network forensics, both in China and abroad, has only just begun. This thesis investigates the problems of intelligent network forensic analysis: processing large volumes of data, the intelligence of the analysis methods, and the questionability (interpretability) of the analysis process. The main results are as follows:

1. A forensic analysis algorithm based on proportional-integral-differential fuzzy rules. The method exploits the similarity between fuzzy techniques and human reasoning to analyze evidence, which improves the interpretability of the results; the extracted network event features are classified by their nature and a fuzzy proportional-integral-differential rule base is built, further improving rule-matching efficiency during inference.

2. An evidence analysis algorithm based on an enhanced fuzzy decision tree, combining the advantages of decision trees and fuzzy techniques. The algorithm automatically partitions continuous attributes at critical points, increasing its intelligence and adaptability; independent subtrees are built per network service type, giving the system good parallelism and extensibility.

3. A two-level digital evidence location analysis method that can locate potential evidence even when sufficient sample cases are lacking. The method first filters the original dataset with outlier detection, then performs in-depth analysis with a classifier group constructed from the sample dataset and expert knowledge, further improving the accuracy of evidence analysis.

4. A multi-level evidence analysis framework based on ensemble decision trees. The framework is extensible and can incorporate well-performing algorithms; the ensemble layer uses only the results of the base-level learning algorithms, which protects user privacy and reduces network transmission load.
English abstract: Network forensics is becoming a challenging research topic. Currently the research of network forensics is just beginning, and many problems still need to be resolved by security researchers. The thesis focuses on the problems in intelligent network forensics analysis and deeply researches the following topics: the processing of huge volumes of data; the high efficiency of the analyzing method; the interpretable capability of the analyzing method. The main research production consists of:

1. Proposes a network forensic analysis method based on the fuzzy proportional-integral-differential rules that employs the similarity between fuzzy logic and the thinking mode of human beings to perform forensic analysis and improves the comprehensibility of the system output. It classifies the network event features by their character and builds the fuzzy proportional-integral-differential rule banks to further improve the rule matching efficiency.

2. Designs a forensic analysis method based on an improved fuzzy decision tree which combines the strong points of fuzzy logic, whose reasoning processes are easy to understand, with the decision tree, which is structural. It constructs separate subtrees based on the network service type and makes it parallel and extensible. Besides these, during the construction of a decision tree we design an automatic partition algorithm for continuous attributes, and the degree of automation and efficiency of the algorithm is further improved.

3. Designs a fast evidence location analysis method with a two-level analysis structure. Firstly the algorithm uses the outlier detection technique to filter the dataset, then employs a classifier group constructed by using a sample dataset and an expert knowledge bank to analyze the filtered dataset deeply. It provides fast guidance for forensic investigators under the condition of limited training samples.

4. Proposes an ensemble algorithm in order to employ the advantages of various intelligent algorithms in dealing with different events. The algorithm can integrate most of the popular data mining and machine learning algorithms and is extensible; it calculates a final classifier based on outputs from the base algorithms, so the system need not transfer the raw data to the ensemble algorithm, which decreases the transmission overload and maintains the privacy of network users.
Language: Chinese
Content type: Thesis (doctoral dissertation)
URI: http://ir.iscas.ac.cn/handle/311060/6636
Appears in Collections: Institute of Software, CAS

Files in This Item:
File Name / File Size / Content Type / Version / Access / License
10001_200318015003094刘在强_paper.pdf (4101 KB) -- Restricted access -- Contact the repository to obtain the full text

Recommended Citation:
刘在强. 网络入侵取证智能分析技术研究 [D]. Institute of Software, Chinese Academy of Sciences. 2007-01-13.