Networks have become one of the main paths by which people obtain information, and reliance on them keeps soaring. At the same time, network intrusions are growing; they disrupt people's daily lives, cause huge economic losses and even threaten national security. Traditional defense mechanisms are no longer able to eliminate the threat of intrusion, so people have begun to explore new ways to combat cybercrime. Network forensics has developed against this background. Its purpose is to analyze the traces left after a hacker's attack, obtain electronic evidence of the intrusion, and use that evidence to charge the hacker. Both abroad and at home, research on network forensics technology is still at an initial stage. The research work in this paper is as follows:

1. The basic concepts of network forensics, computer forensics, digital forensics and electronic evidence are discussed systematically; the principles, process and model of network forensics are summarized; the technologies of intrusion detection, honeypots and computer forensics are analyzed; and finally the development trend of network forensics is derived.

2. Common data preprocessing methods are introduced: data cleaning, data integration and transformation, data reduction, discretization, and the pretreatment of unbalanced data sets. In network forensics, where the network data are massive and extremely unevenly distributed, reasonable preprocessing not only saves a great deal of time and storage space but also yields better decision-making and prediction from the mining results.

3. A forensics model and method based on network intrusion detection are proposed. In the forensics process, monitoring the entire network through the network intrusion detection system not only provides real-time dynamic information but also shortens the development cycle of the forensics system, because the functions of the intrusion detection system can be modified and extended for use in network forensics.

4. The analysis shows that extracting electronic evidence from massive network data is the same process as mining outlier rules from massive data. By defining the average density, a new auto-tagging outlier algorithm is proposed; on the basis of part of this algorithm together with the C4.5 algorithm, a new construction method for a fuzzy decision tree based on automatically tagged outlier data is proposed and applied to network forensics.
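As an added illustration of the auto-tagging idea in item 4 (this is not the thesis's own algorithm): the abstract does not define its "average density", so the code below assumes a local density of 1 / (mean distance to the k nearest neighbours) and tags a record as an outlier when its density falls below a fraction of the set-wide average. The per-host connection summaries are constructed sample data; the labelled output is the kind of training set a C4.5-style decision-tree learner would consume.

```python
import math
from statistics import mean

# Constructed sample: per-host connection summaries (kB sent, connections per
# minute, distinct destination ports). Six ordinary hosts and one that talks to
# hundreds of ports, i.e. the record a forensic analyst would want surfaced.
SAMPLE_RECORDS = [
    (1.0, 5.0, 2.0), (1.2, 6.0, 2.0), (0.9, 4.0, 3.0),
    (1.1, 5.0, 2.0), (1.3, 7.0, 3.0), (0.8, 5.0, 2.0),
    (50.0, 200.0, 900.0),
]


def euclid(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def local_density(points, k):
    """Density of a record = 1 / mean distance to its k nearest neighbours.
    Assumed stand-in for the thesis's 'average density'; the abstract does not
    define that quantity, so this is an illustrative choice, not the author's."""
    if len(points) <= k:
        raise ValueError("need more than k records to estimate density")
    dens = []
    for i, p in enumerate(points):
        nearest = sorted(euclid(p, q) for j, q in enumerate(points) if j != i)[:k]
        dens.append(1.0 / (mean(nearest) + 1e-9))  # epsilon guards duplicates
    return dens


def auto_tag(points, k=3, ratio=0.2):
    """Label every record without human input: 'outlier' when its local density
    is below ratio * the average density of the whole set, otherwise 'normal'."""
    dens = local_density(points, k)
    threshold = ratio * mean(dens)
    return ["outlier" if d < threshold else "normal" for d in dens]


def tag_sample():
    """Return (record, label) pairs for the constructed sample."""
    return list(zip(SAMPLE_RECORDS, auto_tag(SAMPLE_RECORDS)))


if __name__ == "__main__":
    for record, label in tag_sample():
        print(record, label)
```

The tagged pairs are what a downstream decision-tree learner such as C4.5 would train on; the ratio and k are tuning knobs and should be chosen per data set.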