%0 Journal Article
%T Framework of forensic system against intrusion 面向入侵的取证系统框架
%A ZHOU Bo-wen
%A DING Li-ping
%A WANG Yong-ji
%A 周博文
%A 丁丽萍
%A 王永吉
%J 计算机应用研究
%D 2008
%I
%X Several frequent intrusions were analyzed and a general intrusion pattern was abstracted from these attacks. Based on this abstraction of the intrusion pattern, the basic characteristics of an intrusion forensic system were presented. By giving the model of the forensic system against intrusion, a prototype called KIFS (kernel intrusion forensic system) based on the forensic model was implemented. In an experiment aimed at collecting evidence against a real-world exploit in the FreeBSD-4.3 operating system, according to the result given by KIFS, details of the intrusion were recorded successfully and the whole incident was reconstructed.
%K intrusion
%K computer forensics
%K operating system
%K kernel
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=A9D9BE08CDC44144BE8B5685705D3AED&aid=059C5969E57AE4BD90397E24C0FBD555&yid=67289AFF6305E306&vid=C5154311167311FE&iid=E158A972A605785F&sid=87EA718095CEFCE5&eid=2625CEFACC964DE3&journal_id=1001-3695&journal_name=计算机应用研究&referenced_num=0&reference_num=7