| With the rapid development of computer network technologies, more and more criminals use them to commit crimes. Effectively obtaining the electronic evidence that can prove a computer crime, and thereby combating computer crime, requires the technology of computer intrusion forensics. This paper studies the technology of computer intrusion forensics comprehensively and consists of six chapters. The contents are as follows: Chapter 1 is the introduction. It presents the background of this paper, computer crime and its characteristics, and the domestic and overseas research status. Chapter 2 is an overview of computer forensics. It introduces the contents and steps of computer forensics, and the concept, characteristics and sources of electronic evidence. Chapter 3 introduces the technology of computer forensics. It presents the various technologies commonly used in the steps of computer forensics. Chapter 4 covers forensic analysis based on Data Mining. It first introduces the relevant background on Data Mining and five techniques used in forensic analysis. It then describes the concrete process of forensic analysis based on Data Mining. Finally, it illustrates the application of Data Mining techniques with an example. Chapter 5 introduces a model of the computer forensics system. A model of a distributed agent dynamic forensics system is established, and every part of the model is designed in detail. Chapter 6 is the implementation of the computer forensics system, namely the Network Intrusion Forensics System based on Data Mining. 
It includes the interface design of every subsystem, network data capture, secure data communication, data analysis using Data Mining techniques, and the implementation of integrity preservation for the electronic evidence. The innovations of this paper are: studying the forensic analysis techniques based on Data Mining in depth, putting forward several Data Mining algorithms for use in forensic analysis, and designing an application process; establishing a model of the distributed agent dynamic forensics system and designing every part of the model in detail; and implementing the network intrusion forensics system, including the interface design of every subsystem, network data capture, secure data communication, data analysis using Data Mining techniques, and the implementation of integrity preservation for the electronic evidence. |