Evidence graph and vulnerability reasoning combined network evidence collection method and system

A combined and evidence-based technology, applied in transmission systems, electrical components, etc., can solve problems such as lack of integrity, authenticity, and inability to visualize evidence.

Active Publication Date: 2016-09-21
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to provide a network forensics method and system that combines evidence graphs and vulnerability reasoning, to solve the problems that the current forensics process lacks integrity and authenticity and that the obtained evidence cannot be presented visually.




Embodiment Construction

[0047] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0048] To address the lack of completeness and authenticity in the current evidence collection process, and the problem that the obtained evidence cannot be presented visually, the present invention proposes a network forensics method combining evidence graphs and vulnerability reasoning. As shown in Figure 1, it specifically includes:

[00...


Abstract

The invention relates to the field of digital evidence collection, and specifically to a network evidence collection method and system that combines evidence graphs and vulnerability reasoning. The method comprises the steps of: collecting original data from heterogeneous data sources; storing the original data, thereby obtaining first storage data; separating evidence from the first storage data by use of a classification and recognition algorithm; marking the evidence, thereby obtaining event vectors of the evidence; establishing an evidence library according to the first storage data, the evidence and the event vectors; establishing an evidence graph according to the evidence library and an effective time sequence; and inferring suspicious attack nodes through a VERA algorithm according to the evidence graph and simulating attack paths. The use of heterogeneous data sources ensures the comprehensiveness and integrity of the data sources, and VERA allows the obtained evidence to be presented visually. The method thereby solves the problems that, in the current evidence collection process, integrity and authenticity are poor and the obtained evidence cannot be presented visually.

Description

Technical field

[0001] The invention relates to the field of digital forensics, in particular to a network forensics method and system combining evidence graphs and vulnerability reasoning.

Background

[0002] The frequent occurrence of computer crimes has prompted the emergence and development of evidence collection. In the United States, one of the most influential countries in scientific and technological research, computer evidence appeared in court as early as 1969, and computer forensics research has developed continuously since then. How to obtain criminal evidence in a timely and accurate manner, ensure the legality, objectivity and relevance of evidence, and provide powerful weapons for deterring and combating computer network crimes according to law are the main subjects of digital forensics research. The development of digital forensics has led to network forensics, which is a part of digital forensics. However, network forensics technology i...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1433, H04L63/1441, H04L63/308
Inventor: 何泾沙, 常成月, 肖起, 李亚萌, 方静
Owner: BEIJING UNIV OF TECH