作　　者： ; ; ; ; ;

机构地区： 四川大学计算机学院

出　　处： 《四川大学学报（工程科学版）》 2004年第5期108-111,共4页

摘　　要： 为有效提取证据,保证证据的原始性和有效性,建立了基于动态克隆选择原理的入侵监控细胞以及动态取证细胞的模型,给出了自体、非自体、抗原、检测细胞以及证据的定义。监控细胞实现对网络入侵的实时监控,并及时启动取证细胞,完成对网络入侵证据的实时提取。实验表明,该模型能有效地对多种攻击进行实时证据的提取,具有自适应性、分布性、实时性等优点,是动态计算机取证的一个较好解决方案。 In order to fetch evidences effectively and insure their originality and validity, a new method for dynamic computer forensics is presented. A model of MoC (Monitor Cell) based on dynamic clonal selection theory and a DfoC (Dynamic computer Forensics Cell) are defined. The definitions of self, non-self, detection cell and evidence are given out. The MoC surveils network intrusions real timely and start DFoC immediately when it finds intrusions. Thus the DFoC can collect evidences dynamicaly. The experiment shows that the model can effectively fetch real-time evidence of diverse attacks, and has the features of self-adaption, distribution, and real time. Therefore it is a good way for dynamic computer forensics.

关 键 词： 人工免疫 网络入侵 计算机取证

领　　域： [自动化与计算机技术] [自动化与计算机技术]