网络取证中的电子证据融合、推理及呈现技术研究

Network Forensics Research for the investigation of computer network crime and it provides a new valid method and tool. However, the current research in the chain of evidence fusion, reasoning and electronic evidence and other details of limitations, resulting in network forensics technology to practical application and deployment. This project will focus on these factors, to the electronic evidence of fusion, reasoning and appears as the core scientific problems, for the construction of a real-time, accurate, efficient Network Intrusion Forensics System, to provide the theoretical basis and key functional unit technology and method. And be in the following aspects made innovative achievements: suspected evidence conflict resolution techniques and methods of network forensics technology research for the investigation of computer network crime and it provides a new valid method and tool. However, the current research in the chain of evidence fusion, reasoning and electronic evidence and other details of limitations, resulting in network forensics technology to practical application and deployment. This project will focus on these factors, to the electronic evidence of fusion, reasoning and appears as the core scientific problems, for the construction of a real-time, accurate, efficient Network Intrusion Forensics System, to provide the theoretical basis and key functional unit technology and method. And be in the following aspects made innovative achievements: suspected evidence conflict resolution techniques and methods, effectiveness of the chain of evidence reasoning model and algorithm, evidence of atlas analysis technology, crime portrait of theory and method. Project in network forensics theoretical and method two respects obtain a breakthrough, for China to fight against the computer network crime case and provide a theoretical basis and technical support. Method, effectiveness of the chain of evidence reasoning model and algorithm, evidence of atlas analysis technology, crime portrait of theory and method. Project in network forensics theoretical and method two respects obtain a breakthrough, for China to fight against the computer network crime case and provide a theoretical basis and technical support.

网络取证技术的研究为调查计算机网络犯罪提供了一种新的有效方法和工具。然而当前相关研究在证据链融合、推理以及电子证据呈现等细节方面的局限性，致使网络取证技术难于实际应用和部署。本项目将重点考虑这些因素，以电子证据的融合、推理及呈现为核心科学问题，为构建一个实时、高效、准确的网络入侵取证系统，提供基础理论和关键功能单元技术与方法。并拟在以下方面取得创新性成果：疑似证据冲突消解技术与方法、有效性证据链推理模型与算法、证据图的图谱分析技术、犯罪行为画像的理论与方法等。项目力争在网络取证理论和方法两个方面取得突破，为我国打击计算机网络犯罪案件提供理论依据和技术支撑。

在Internet规模不断增长的同时，与Internet有关的安全事件也愈来愈多，安全问题日益突出。理论和实践分析表明，诸如计算机病毒、恶意代码、网络入侵等攻击行为之所以能够对计算机系统产生巨大的威胁。在计算机网络犯罪手段与网络安全防御技术彼此较量不断升级的形势下，单靠网络安全技术打击计算机犯罪不可能非常有效，因此需要发挥社会和法律的强大威力来对付网络犯罪，计算机取证（Computer Forensics）在这种形势下产生和发展起来。.通过将弱点关联性的概念引入到网络入侵取证领域，根据网络系统的弱点知识和环境信息构建了证据推理网络，提出一种基于证据推理网络的实时网络入侵取证方法—NetForensic，利用证据推理网络所提供的多阶段攻击推理能力，NetForensic能够高效实时地重构攻击流程，给出完整可信的证据链。