Research And Design Of Network Forensics System

Posted on: 2015-10-08
Degree: Master
Type: Thesis
Country: China
Candidate: W W Chen
GTID: 2298330431484712
Subject: Electronic and communication engineering
Abstract/Summary:
Network forensics is a comprehensive, scientific process that includes network data collection, intrusion identification, data analysis, data storage, judgment of intrusion, enhancement of security, and triggering the alarm program. With the popularization of computers, more people realize the importance of information security. People are therefore trying to use advanced technologies to prevent attacks from criminals, which requires a safe and effective network forensics system. Based on current research on network forensics, this paper points out the existing problems and tries to solve them. The methods and results are as follows:
1. An introduction to the related concepts and technologies: the definition and characteristics of network forensics, and the sources and characteristics of electronic evidence. The paper introduces several well-known forensic process models in detail and points out the development trend of network forensics.
2. Based on a study of association rules and the Apriori algorithm, the paper identifies some disadvantages of the Apriori algorithm and proposes optimization strategies. The optimized algorithm can effectively perform association analysis while scanning the database only once, and it simplifies the connection steps and the frequent item set generation steps.
3. The paper proposes a network forensic process model with clear and complete steps and the force of law, which can be used in different stations. The model not only satisfies the needs of dynamic network forensics but is also practical.
4. The paper proposes a network forensics system framework that combines intrusion detection and intrusion deception on the basis of intrusion tolerance technology, and also studies its mode. These three technologies not only identify intrusions effectively, ensure the legitimacy of evidence, and reduce the amount of stored data so that network forensics can be conducted effectively, but can also be used as a source of evidence.
5. Through the research and design of the network forensic process model and the network forensics system framework, the paper designs the key interface of the network forensics system.
Keywords/Search Tags: Network Forensics, Association Rule, Apriori Algorithm, Network Forensic Process Model, Forensics System Framework