
Filtering for network forensics data on artificial immune network clustering
(Chinese title: 网络取证数据的人工免疫网络聚类过滤方法)
Cited by: 4
Abstract: To address the over-reliance of current network-forensic data filtering methods on prior knowledge, this paper proposes a method for filtering network forensic data based on artificial immune network clustering. Forensic data records are treated as antigens, and B cells with a dynamic influence zone serve as the nodes of the artificial immune network. The network is evolved according to the membership grade between the antigens and the network and the stimulation level of the B cells, and the forensic data are then screened with a filtering-threshold criterion. Experimental results show that, with no prior knowledge and with a reasonably chosen time window and filtering threshold that keep the detection rate high, the algorithm provides a high data-compression ratio. The method effectively narrows the scope of the data to be investigated and helps improve the efficiency of forensic analysis.
Source: Engineering Journal of Wuhan University (武汉大学学报(工学版)), indexed in CAS, CSCD and the Peking University Core Journals list; 2012, No. 1, pp. 123-127 (5 pages).
Funding: Specialized Research Fund for the Doctoral Program of Higher Education (No. 20040486049); National High Technology Research and Development Program of China (No. 2002AA1Z1490).
Keywords: computer network security; computer crime; computer network forensics; cluster analysis; filtering; artificial immune network
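The abstract gives the algorithm only in outline: records are antigens, B cells with a dynamic influence zone are network nodes, the network evolves from membership grades and B-cell stimulation, and a threshold decides which records are filtered out. The following Python sketch is an added illustration of that outline, not the paper's code or formulas. Everything specific in it is an assumption: the Gaussian membership function, the running-variance influence zone with a floor, the exponentially decayed stimulation, the purge of weakly stimulated cells at the end of each time window, the parameter values, and the constructed sample stream.

```python
"""Artificial-immune-network (AIN) filter for network forensic records.

Added illustration, not the paper's implementation: membership, influence-zone
update, stimulation decay and window purge are assumptions standing in for
formulas the abstract does not give.
"""
import math
from typing import Dict, List, Sequence, Tuple

Antigen = Tuple[float, ...]   # one forensic record as a numeric feature vector


def dist2(a: Sequence[float], b: Sequence[float]) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))


class BCell:
    """Network node: a cluster centre with a dynamic influence zone (sigma)."""

    def __init__(self, antigen: Antigen, sigma: float, sigma_min: float):
        self.center = list(antigen)
        self.sigma = sigma
        self.sigma_min = sigma_min
        self.count = 1
        self.stim = 1.0   # stimulation: a freshly created cell is fully stimulated

    def membership(self, antigen: Antigen) -> float:
        """Membership grade of an antigen to this cell (Gaussian in the zone)."""
        return math.exp(-dist2(self.center, antigen) / (2 * self.sigma ** 2))

    def absorb(self, antigen: Antigen) -> None:
        """Recognised antigen: adapt the zone to the observed spread, move the centre."""
        d2 = dist2(self.center, antigen)
        var = (self.count * self.sigma ** 2 + d2) / (self.count + 1)
        self.sigma = max(self.sigma_min, math.sqrt(var))   # floor stops zone collapse
        self.count += 1
        self.center = [c + (a - c) / self.count for c, a in zip(self.center, antigen)]


class ImmuneNetwork:
    def __init__(self, threshold=0.5, sigma0=0.5, sigma_min=0.2,
                 decay=0.9, window=10, min_stim=0.4):
        self.threshold, self.sigma0, self.sigma_min = threshold, sigma0, sigma_min
        self.decay, self.window, self.min_stim = decay, window, min_stim
        self.cells: List[BCell] = []
        self.t = 0   # number of antigens presented so far

    def present(self, antigen: Antigen) -> float:
        """Present one antigen; return its membership grade to the whole network."""
        grades = [c.membership(antigen) for c in self.cells]
        for c, g in zip(self.cells, grades):
            c.stim = self.decay * c.stim + g   # forget old evidence, add new
        best = max(grades, default=0.0)
        if grades and best >= self.threshold:
            self.cells[grades.index(best)].absorb(antigen)   # recognised: refine cluster
        else:
            self.cells.append(BCell(antigen, self.sigma0, self.sigma_min))  # novel
        self.t += 1
        if self.t % self.window == 0:   # end of time window: evolve the network
            self.cells = [c for c in self.cells if c.stim >= self.min_stim]
        return best


def filter_records(records, threshold=0.5, **params):
    """Drop records the evolving network already explains; retain the rest."""
    net = ImmuneNetwork(threshold, **params)
    retained, dropped = [], []
    for i, rec in enumerate(records):
        (dropped if net.present(rec) >= threshold else retained).append(i)
    return retained, dropped, net


def evaluate(records, anomaly_idx, threshold=0.5, **params) -> Dict[str, object]:
    retained, dropped, net = filter_records(records, threshold, **params)
    return {
        "retained": retained,
        "compression_ratio": len(dropped) / len(records),
        "detection_rate": sum(i in retained for i in anomaly_idx) / len(anomaly_idx),
        "cells": len(net.cells),
    }


# Constructed sample stream (not real captures): two benign flow populations with
# features (log10 bytes, duration in s) and +-0.1 jitter, plus three injected outliers.
NORMAL_A = [(3.0 + 0.1 * (i % 3 - 1), 0.5 + 0.1 * (i % 2)) for i in range(12)]
NORMAL_B = [(5.0 + 0.1 * (i % 3 - 1), 2.0 + 0.1 * (i % 2)) for i in range(8)]
ANOMALIES = [(9.5, 0.1), (0.2, 30.0), (7.0, 8.0)]
STREAM = (NORMAL_A[:6] + ANOMALIES[:1] + NORMAL_A[6:] + ANOMALIES[1:2]
          + NORMAL_B + ANOMALIES[2:])
ANOMALY_INDEX = [STREAM.index(a) for a in ANOMALIES]   # [6, 13, 22]

if __name__ == "__main__":
    for thr in (0.0, 0.5, 0.99):
        print(thr, evaluate(STREAM, ANOMALY_INDEX, threshold=thr))
```

Three properties of this sketch correspond to the caveats in the abstract. With no prior knowledge, the first record of every benign population is retained (indices 0 and 14 above), because nothing in the network can yet recognise it; that warm-up cost is the price of not needing labels. The filtering threshold trades compression against detection: at 0.0 every record is absorbed and the detection rate is zero, at 0.99 only exact duplicates are dropped, and at 0.5 the three injected outliers are retained while 18 of 23 records are filtered. Finally, a burst of similar attack records would form its own B cell and be filtered from the second record onward, so the time window and threshold must be chosen with the expected attack volume in mind, which is the tuning the abstract calls for.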