Title
Modeling and Analyzing Dynamic Forensics System Based on Intrusion Tolerance
Abstract
As an important part of computer forensics, network forensics places particular emphasis on dynamic network information collection and proactive defense. Most forensics systems based on intrusion detection or honeypots rarely emphasize the availability of the actual servers. In addition, few of them specifically discuss the occasion for dynamic forensics. The work presented in this paper is based on the idea of assisting dynamic forensics with intrusion tolerance and deception technology, to enhance the availability of the server system and to gather more useful evidence on a proper occasion. A mechanism of dynamic forensics based on intrusion forensics is proposed and modeled with a finite state machine. The workflow is described. A semi-Markov process based on the embedded Markov chain of the state transition model is built and described. Finally, the forensics capability and server availability are analyzed. According to the numerical analysis results, the security performance and forensics capability of the forensics system are enhanced to a certain degree.
Year: 2009
DOI: 10.1109/CIT.2009.108
Venue: CIT (2)
Keywords: analyzing dynamic forensics system, server availability, forensics capability, intrusion tolerance, dynamic forensics, dynamic network information collection, intrusion forensics, computer forensics, network forensics, forensics system, intrusion detection, state transition, numerical analysis, finite state machine, forensics, failure analysis, availability, finite state machines, markov processes, servers
Field: Dynamic network analysis, Honeypot, Network forensics, Computer forensics, Computer science, Computer security, Server, Intrusion tolerance, Intrusion detection system, Workflow, Distributed computing
DocType: Conference
Citations: 5
PageRank: 0.52
References: 2
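Authors: 4
Name: Lin Chen; Order: 1; Citations: 145; PageRank: 37.23
Name: Zhitang Li; Order: 2; Citations: 226; PageRank: 31.89
Name: Cuixia Gao; Order: 3; Citations: 22; PageRank: 2.00
Name: Yingshu Liu; Order: 4; Citations: 9; PageRank: 1.03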