
Research Of Intrusion Dynamic Forensics Model Based On Classification Analysis

Posted on: 2013-10-01
Degree: Master
Type: Thesis
Country: China
Candidate: X Jia
Full Text: PDF
GTID: 2248330371969924
Subject: Computer software and theory
Abstract/Summary:
The rapid development of information technology has brought many conveniences to our social lives, but at the same time network security threats such as network attacks, hackers, trojans and viruses occur frequently. Computer crime is getting worse, which not only seriously hinders the further development of computer technology but also leads to huge economic loss and damage. How to combat illegal computer crime effectively is an urgent problem, and the key to it is obtaining complete, effective and legal electronic evidence. Computer forensics has therefore become an important means of fighting computer crime and solving network security problems.

Traditional computer forensics technologies are mainly static forensics. As criminal methods improve, relying on static forensics alone can no longer keep up with the situation, and dynamic forensics technology combined with network security tools such as intrusion detection and firewalls has become the new direction of development in computer forensics. This paper studies intrusion detection technology in depth on the basis of combining it with computer forensics technology. Intrusion forensics faces the problem of high-dimensional, massive data. It is therefore important for intrusion forensics to obtain the needed evidence in time from the vast amount of information, in order to improve the speed of forensics and satisfy the principle of timely evidence, and to improve the accuracy of evidence detection so as to ensure the truth and effectiveness of the evidence. The main work of this paper includes the following aspects:

1. This thesis proposes an improved information gain algorithm. A feature selection algorithm based on information gain can solve the problem of high-dimensional, massive data in intrusion forensics, but it neglects the correlation between features, which can lead to feature redundancy and affect the speed and accuracy of intrusion forensics. Therefore, an improved information gain algorithm based on feature redundancy is proposed. The improved algorithm adds a judgment of redundancy between features and removes both the irrelevant features and the redundant features, which effectively simplifies the feature subset. The experimental results show that the proposed algorithm can effectively select features, ensure detection accuracy and improve processing speed.

2. This thesis proposes a weighted naive Bayes algorithm based on improved information gain. Traditional naive Bayes classification suffers from feature redundancy in intrusion forensics and neglects the differences between data attributes in different intrusion actions. Therefore, an improved weighted naive Bayes classification method that sets attribute weights is proposed. First, the new information gain algorithm based on feature redundancy is used to optimize the feature set. Then, based on this optimization result, the feature redundancy discriminant is extracted as weights and introduced into the Bayes classification algorithm, so that different condition attributes are weighted differently. The experimental results show that the new algorithm can reduce classification interference and improve detection accuracy.

3. This thesis designs and implements an intrusion dynamic forensics model. Based on the main idea of combining computer forensics technology with intrusion detection technology, the model uses intrusion detection to record the system's activity and the whole process of the hacker's intrusion, collects and identifies intrusion evidence dynamically, and sends the evidence to the evidence library for preservation. In this model, the improved information gain and naive Bayes algorithms are used for intrusion analysis to provide enough evidence information for dynamic forensics in time.
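The feature selection described in item 1, as an added example that is not code from the thesis: features are ranked by information gain, those below a threshold are dropped as irrelevant, and a feature is dropped as redundant when it nearly duplicates one already kept. The abstract does not state the redundancy criterion, so symmetric uncertainty, the thresholds ig_min and red_max, and the sample records are assumptions made here.

```python
from collections import Counter
from math import log2

def entropy(values):
    """Shannon entropy H(V) of a list of discrete values, in bits."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())

def info_gain(x, y):
    """IG(Y; X) = H(Y) - H(Y | X) for a discrete feature x and labels y."""
    cond = 0.0
    for v in set(x):
        subset = [yi for xi, yi in zip(x, y) if xi == v]
        cond += len(subset) / len(y) * entropy(subset)
    return entropy(y) - cond

def symmetric_uncertainty(a, b):
    """Assumed redundancy score: 2*I(A;B) / (H(A) + H(B)), in [0, 1]."""
    denom = entropy(a) + entropy(b)
    return 2 * info_gain(a, b) / denom if denom else 1.0

def select_features(columns, labels, ig_min=0.05, red_max=0.9):
    """Rank by information gain, then drop irrelevant and redundant features."""
    gains = {f: info_gain(col, labels) for f, col in columns.items()}
    kept = []
    for f in sorted(gains, key=gains.get, reverse=True):
        if gains[f] < ig_min:
            continue  # irrelevant: says almost nothing about the class
        if any(symmetric_uncertainty(columns[f], columns[k]) >= red_max
               for k in kept):
            continue  # redundant: duplicates a feature already kept
        kept.append(f)
    return kept

# Constructed sample: eight connection records, not data from the thesis.
LABELS = ["normal"] * 4 + ["attack"] * 4
COLUMNS = {
    "flag":        ["SF", "SF", "SF", "SF", "S0", "S0", "S0", "SF"],
    "flag_code":   [0, 0, 0, 0, 1, 1, 1, 0],   # numeric copy of flag
    "count_level": ["lo", "lo", "lo", "hi", "lo", "hi", "hi", "hi"],
    "port_parity": ["even", "odd"] * 4,        # unrelated to the class
}

if __name__ == "__main__":
    print(select_features(COLUMNS, LABELS))  # ['flag', 'count_level']
```

Ranking by information gain alone would keep both flag and flag_code; the redundancy check is what removes the copy.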
Keywords/Search Tags:Dynamic Forensics, Intrusion Detection, Information Gain, Feature Redundancy, Naive Bayes, Weighted Naive Bayes