计算机应用研究 (Application Research of Computers), 2008
Framework of forensic system against intrusion
Abstract:
Several frequent intrusions were analyzed and a general intrusion pattern was abstracted from these attacks. Based on this abstraction of the intrusion pattern, the basic characteristics of an intrusion forensic system were presented. A model of the forensic system against intrusion was given, and a prototype called KIFS (kernel intrusion forensic system) based on this forensic model was implemented. In an experiment aimed at collecting evidence against a real-world exploit on the FreeBSD-4.3 operating system, the results given by KIFS show that the details of the intrusion were recorded successfully and the whole incident was reconstructed.