Title: Network forensics scenario reconstruction method based on hidden Markov models
Authors: Gu, Weiping; Xu, Liancheng; Ren, Min; Han, Xiaoyan
Author affiliations: [Gu, Weiping; Han, Xiaoyan] School of Information Science and Engineering, Shandong Normal University, Jinan, China; [Ren, Min] School of Mathematics
Conference name: 7th International Conference on Information Technology in Medicine and Education, ITME 2015
Conference dates: November 13, 2015 - November 15, 2015
Source: Proceedings - 2015 7th International Conference on Information Technology in Medicine and Education, ITME 2015
Abstract: Network forensics scenario reconstruction has grown into a mature and rich technology that provides advanced skills for obtaining the chain of evidence. Statistical analyses of intrusion logs that are meant to present evidentiary value in court are often refuted as baseless and inadmissible evidence, without considering the input spent. This expenditure goes into generating the reports whether or not they are well-grounded evidence. Thus, this paper presents a scenario reconstruction method that combines the Viterbi algorithm: the most likely sequence of meta evidence, which replaces the meta evidence with suspected evidence, is acquired, thus obtaining the chain of evidence. However, the Viterbi algorithm's parameters are derived from the Baum-Welch (B-W) algorithm, and the B-W algorithm easily falls into locally optimal solutions. An Adaptive Genetic Algorithm (AGA) is used to estimate the parameters of the hidden Markov model (HMM), with a chromosome coding method and genetic operation mode designed for it. The experimental results show that this method can accurately reproduce the crime scene of a network intrusion, compared with the network forensic evidence fusion method that is based on the HMM. The method has been applied to a forensics system and has obtained good results.
© 2015 IEEE.