• DocumentCode
    2351265
  • Title

    Modeling and Analyzing Dynamic Forensics System Based on Intrusion Tolerance

  • Author

    Chen, Lin ; Li, Zhitang ; Gao, Cuixia ; Liu, Yingshu

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
  • Volume
    2
  • fYear
    2009
  • fDate
    11-14 Oct. 2009
  • Firstpage
    230
  • Lastpage
    235
  • Abstract
    As an important part of computer forensics, network forensics particularly places emphasis on dynamic network information collection and proactive defense. Most forensics systems based on intrusion detection or honeypot rarely emphasize the availability of actual servers. In addition, few of them discussed the occasion of dynamic forensics particularly. The work presented in this paper is based on an idea to assist dynamic forensics with intrusion tolerance and deception technology to enhance the availability of server system and gather more useful evidences on a proper occasion. A mechanism of dynamic forensics based on intrusion forensics is proposed and is modeled with finite state machine. The workflow is described. A semi Markov process based on the embedded Markov chain of the states transition model is built and described. Finally, the forensics capability and server availability are analysis. According to the numerical analysis result, the security performance and forensics capability of the forensics system are enhanced to a certain degree.
  • Keywords
    Markov processes; computer network reliability; failure analysis; finite state machines; numerical analysis; security of data; computer forensics; deception technology; dynamic forensics system; dynamic network information collection; embedded Markov chain; finite state machine; intrusion forensics; intrusion tolerance technology; network forensics; proactive defense; semiMarkov process; state transition model; Computer networks; Computer science; Digital forensics; Grid computing; Information analysis; Intrusion detection; Law; Markov processes; Network servers; Protection; intrusion deception; intrusion tolerance; network forensics; semi Markov process;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer and Information Technology, 2009. CIT '09. Ninth IEEE International Conference on
  • Conference_Location
    Xiamen
  • Print_ISBN
    978-0-7695-3836-5
  • Type

    conf

  • DOI
    10.1109/CIT.2009.108
  • Filename
    5329098