摘要: 为实现入侵证据的自动分析,设计一种基于取证图的分层取证分析方法。采用基于规则的模糊感知图模型,从局部识别出网络实体的状态,通过特征向量中心度计算得到重要的种子结点,再从大量攻击场景的关联结点中抽取攻击组。基于DARPA2000的实验结果表明,该方法在攻击组抽取和场景抽取方面具有较高的覆盖率和准确率。
关键词:
取证分析,
取证图,
基于规则的模糊感知图,
特征向量中心度,
攻击组抽取,
场景重构
Abstract: In order to analyze intrusion evidences automatically, a new hierarchical forensics algorithm based on forensics graph is proposed. The status of network entities are identified by using Rule-based Fuzzy Cognitive Map(RBFCM) model, important entities are selected from forensics graph by using Eigenvector Centrality Metric(ECM), and attack groups are extracted from large part of association nodes in the attack scenario. Experiments on DARPA 2000 prove that the method achieves high accuracy in the attack group extraction and scenario reconstruction.
Key words:
forensics analysis,
forensics graph,
Rule-based Fuzzy Cognitive Map(RBFCM),
Eigenvector Centrality Metric(ECM),
attack group extraction,
scenario reconstruction
中图分类号:
张墨华, 陈亮. 基于RBFCM和ECM的分层取证分析[J]. 计算机工程, 2012, 38(15): 123-127.
ZHANG Mei-Hua, CHEN Liang. Hierarchical Forensics Analysis Based on Rule-based Fuzzy Cognitive Map and Eigenvector Centrality Metric[J]. Computer Engineering, 2012, 38(15): 123-127.