Abstract | ||
---|---|---|
As an important part of computer forensics, network forensics places particular emphasis on dynamic network information collection and proactive defense. Most forensics systems based on intrusion detection or honeypots rarely emphasize the availability of actual servers. In addition, few of them discuss the occasion of dynamic forensics in particular. The work presented in this paper is based on the idea of assisting dynamic forensics with intrusion tolerance and deception technology to enhance the availability of the server system and gather more useful evidence on a proper occasion. A mechanism of dynamic forensics based on intrusion forensics is proposed and is modeled with a finite state machine. The workflow is described. A semi-Markov process based on the embedded Markov chain of the state transition model is built and described. Finally, the forensics capability and server availability are analyzed. According to the numerical analysis results, the security performance and forensics capability of the forensics system are enhanced to a certain degree. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1109/CIT.2009.108 | CIT (2) |
Keywords | Field | DocType |
analyzing dynamic forensics system, server availability, forensics capability, intrusion tolerance, dynamic forensics, dynamic network information collection, intrusion forensics, computer forensics, network forensics, forensics system, intrusion detection, state transition, numerical analysis, finite state machine, forensics, failure analysis, availability, finite state machines, markov processes, servers | Dynamic network analysis, Honeypot, Network forensics, Computer forensics, Computer science, Computer security, Server, Intrusion tolerance, Intrusion detection system, Workflow, Distributed computing | Conference |
Citations | PageRank | References |
5 | 0.52 | 2 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Lin Chen | 1 | 145 | 37.23 |
Zhitang Li | 2 | 226 | 31.89 |
Cuixia Gao | 3 | 22 | 2.00 |
Yingshu Liu | 4 | 9 | 1.03 |