At present there is no adequate security tool that can directly correlate the analysis of a multi-step network attack and reconstruct the intrusion process to obtain forensic evidence. A new approach to network coordinative forensics based on data provenance is therefore presented: set up a log server using the syslog mechanism, build provenance databases from the logs with the Perm rewrite technique, locate the multi-step attacker with where-provenance, and reconstruct the attack process with why-provenance. Data provenance theory and experimental results show that the new approach is feasible and effective.
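The abstract names two provenance notions without showing them at work. The following is an added illustration, not code from the paper and not the Perm system: it runs a small multi-step intrusion query (brute-force, accepted login, sudo to root) over a handful of constructed syslog lines and annotates every answer with why-provenance (the set of input lines that witnessed it, which read back in log order is the attack timeline) and where-provenance (the input line and field each output value was copied from). Log-file order stands in for time order, the threshold of three failures and the field names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the paper). One source, 10.0.0.5,
# brute-forces "web1", gets in as "deploy" and escalates to root with sudo.
# The db1 lines are noise that the query must not report.
SYSLOG_LINES = [
    "Aug 20 10:00:01 web1 sshd[101]: Failed password for root from 10.0.0.5 port 4001 ssh2",
    "Aug 20 10:00:02 web1 sshd[102]: Failed password for root from 10.0.0.5 port 4002 ssh2",
    "Aug 20 10:00:03 web1 sshd[103]: Failed password for root from 10.0.0.5 port 4003 ssh2",
    "Aug 20 10:00:09 web1 sshd[104]: Accepted password for deploy from 10.0.0.5 port 4004 ssh2",
    "Aug 20 10:00:30 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash",
    "Aug 20 10:01:00 db1 sshd[200]: Accepted publickey for admin from 10.0.0.9 port 5000 ssh2",
    "Aug 20 10:02:00 db1 sshd[201]: Failed password for root from 10.0.0.7 port 5001 ssh2",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>[\d.]+)"
)
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r".*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)


def parse_syslog(lines):
    """Turn raw lines into records. 'id' is the line index and is the
    provenance token every derived answer carries along."""
    records = []
    for idx, line in enumerate(lines):
        m = SSHD_RE.match(line)
        if m:
            records.append({"id": idx, "kind": "sshd", **m.groupdict()})
            continue
        m = SUDO_RE.match(line)
        if m:
            records.append({"id": idx, "kind": "sudo", **m.groupdict()})
    return records


def find_multistep_intrusions(records, threshold=3):
    """Derive (host, src, user) answers for the chain
    >= threshold failed logins -> accepted login from the same source ->
    sudo to root by the accepted user on the same host.
    Each answer carries:
      why   - sorted ids of every input record that witnessed the derivation
      where - for each output field, the (record id, field) it was copied from
    """
    failures = defaultdict(list)
    for r in records:
        if r["kind"] == "sshd" and r["outcome"] == "Failed":
            failures[(r["host"], r["src"])].append(r)

    results = []
    for r in records:
        if r["kind"] != "sshd" or r["outcome"] != "Accepted":
            continue
        prior = [f for f in failures[(r["host"], r["src"])] if f["id"] < r["id"]]
        if len(prior) < threshold:
            continue
        for s in records:
            if (s["kind"] == "sudo" and s["host"] == r["host"]
                    and s["user"] == r["user"] and s["target"] == "root"
                    and s["id"] > r["id"]):
                results.append({
                    "host": r["host"], "src": r["src"], "user": s["user"],
                    "why": sorted(f["id"] for f in prior) + [r["id"], s["id"]],
                    "where": {"host": (r["id"], "host"),
                              "src": (r["id"], "src"),
                              "user": (s["id"], "user")},
                })
                break  # report the first escalation after this login
    return results


def reconstruct_attack_process(result, lines):
    """Why-provenance read back in log order is the reconstructed attack."""
    return [lines[i] for i in result["why"]]


if __name__ == "__main__":
    recs = parse_syslog(SYSLOG_LINES)
    for hit in find_multistep_intrusions(recs):
        print("attacker", hit["src"], "on", hit["host"], "as", hit["user"])
        print("  where:", hit["where"])
        for step in reconstruct_attack_process(hit, SYSLOG_LINES):
            print("  ", step)
```

Where-provenance answers "which log line and field did this attacker address come from?", which is what positions the attacker; why-provenance answers "which lines had to exist for this answer to appear?", which is the evidence set an investigator replays as the attack process. In the paper this annotation comes from rewriting the query in Perm; here it is tracked by hand in the query logic.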
Information Technology and Artificial Intelligence Conference (ITAIC), 2011 6th IEEE Joint International (Volume:2 )
Date of Conference: 20-22 Aug. 2011