Using Geolocation for the Strategic Preincident Preparation of an IT Forensics Analysis


Abstract

Attack traceability and attribution are two of the main tasks of IT forensics. To support this, IT forensics is not limited to investigating data after the attack has taken place. Even before the attack, an optimal environment for a subsequent investigation has to be created. While this is primarily focused on ordinary logging, we propose to set both the degree and the characteristics of logging based on geolocation. Thus, for conspicuous locations, more knowledge is gathered and stored in advance (georeputation). In addition, because the distribution of IP addresses is not static, additional information is stored to, e.g., determine the Internet service provider that was responsible for the IP at the time the crime was committed. This additional data also contains geoinformation that can be used later to reconstruct attack routes and to identify and analyze distributed attacks. For these purposes, however, the IP localization mechanisms, i.e., the underlying method for geolocation, must be very accurate. Therefore, next to highlighting the benefits of including geobased information and providing our architecture in order to do so, this publication also investigates the accuracy and reliability of geoinformation and provides its own geolocation architecture and a corresponding prototype, including an evaluation.

Bibliographic details

  • Source
    Systems Journal, IEEE | 2016, Issue 4 | pp. 1338-1349 | 12 pages
  • Author affiliations

    Research Center CODE (Cyber Defence), Faculty of Computer Science, Universität der Bundeswehr München, Neubiberg, Germany;

    Research Center CODE (Cyber Defence), Faculty of Computer Science, Universität der Bundeswehr München, Neubiberg, Germany;

    Research Center CODE (Cyber Defence), Faculty of Computer Science, Universität der Bundeswehr München, Neubiberg, Germany;

    Research Center CODE (Cyber Defence), Faculty of Computer Science, Universität der Bundeswehr München, Neubiberg, Germany;

  • Indexing information
  • Original format: PDF
  • Language of text: eng
  • Chinese Library Classification
  • Keywords

    IP networks; Geology; Forensics; Security; Accuracy; Reliability; Internet;
