Research On Conflict Evidence Analysis Based On DS Evidence Theory

The freedom, openness and virtuality of Internet provide opportunities for criminals to wantonly spread illegal contents, illegally access cyber source. We use computers for infornation communication and data access every day, it is easy to suffer attacks from other computers, during which period, all kinds of traces will be left. How to get valuable information from the massive data and effectively identify alien attack become a hot spot of current forensic analysis technology research. Obviously, it is difficult for traditional forensic methods to find evidence of some fact according to relevant technology, on this occasion, efficient computer forensics technology comes into being.Computer forensics involves of many analysis methods, like the evidence pretreatment and evidence fusion. However, the low accuracy of evidence pretreatment and poor efficiency of evidence fusion will reduce the credibility of evidence in a certain extent. Therefore, this paper will start with the evidence pretreatment and evidence fusion two aspects. First of all, ultilize the improved hierarchical clustering algorithm to preprocess the evidence, in order to solve the problem that the amount of evidences is so large and the the information of evidence are so complex; then ultilize evidence theory that are with improved evidence combination rule to solve the problem of one-vote veto, and the problem that conflict evidences are difficult to be effectively integrated in the process of current evidence fusion. This paper mainly finishes the following work:(1)According to the deficiency of the hierarchical clustering algorithm in terms of distance measurement, put forward a hierarchical clustering algorithm based on global distance metric.Analyze the existing problems of hierarchical clustering algorithm, introduce the distance measurement method used in hierarchical clustering algorithm-- global distance metric, and the common form used in the hierarchical clustering algorithm-- agglomeration; propose a clustering hierarchical clustering algorithm based on global distance metric, which meets the global optimation through maximizing the objective function, achieving effective clustering for data of different density.(2) Redistribute the basic probability of evidence theory to achieve the effective integration of conflict evidence and low credibility evidence.Analyze the relevant knowledge of D-S evidence theory, such as its basic concepts, composition rules, as well as the existing problems. In view of its low credibility in high conflict evidence fusion, put forward a kind of improved evidence theory combination method, which firstly identifies the conflict evidence, and then redistribute the basic probability by adding different weights for each conflict evidence in the process of integration; finally, use traditional D-S evidence rule to fuse the evidences that have been processed, in order to obtain effective fusion results without discarding the effective information.(3) Design a system framework of conflict evidence analysis based on D-S evidence theory, realizing the integration analysis of KDD CUP99 data.Preprocess a huge number of original data that are with disunified data type using the hierarchical clustering algorithm based on global distance measurement, to reduce the number of evidence bodies; then use the improved evidence combination rule to conduct evidence fusion, in order to obtain reasonable and effective evidence analysis results. Construst the conflict evidence analysis model to deal with the KDD CUP99 data that have been submitted to the server by users, in order to verify the effectiveness of the conflict evidence analysis system presented in this paper.