An anti-forensic detection model based on causality calculation
In modern network attacks, attackers often use various anti-forensics techniques to conceal their tracks. Among anti-forensics techniques, data erasure is particularly harmful: attackers can use it to delete or destroy data, thereby destroying attack evidence and disrupting the forensics process. Because the erasure activity itself is concealed, it is difficult to detect. This paper proposes an anti-forensics check module (AFCM) that uses causal-relationship-based traceability technology. The model generates an alert traceability graph from alert information and calculates an anomaly score for each path in the graph from attack behavior characteristics. Through further filtering and aggregation calculations, the attack path is ultimately generated. The experimental results show that this model can effectively achieve traceability tracking of anti-forensics erasure activities and improves the discrimination between anti-forensic data-erasure attack activities and normal activities.
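The pipeline the abstract describes (alerts to a causal graph, a per-path anomaly score, then filtering and aggregation into an attack path), as an added illustration that is not the paper's own code: the alert schema, the per-action weight table, the evidence-location prefix and the threshold are assumptions made for this example.

```python
"""Added example (not the paper's AFCM code): alert-traceability graph with
per-path anomaly scoring, filtering and aggregation.  Schema and weights assumed."""
from collections import defaultdict

# Constructed alert stream: (time, subject, action, object).  A shell spawns a
# tool that overwrites and then unlinks an audit log; a backup job also touches
# the same log but only reads and copies it.
ALERTS = [
    (1, "bash:1001", "exec", "tool:1002"),
    (2, "tool:1002", "write", "/var/log/auth.log"),
    (3, "tool:1002", "unlink", "/var/log/auth.log"),
    (4, "cron:2001", "exec", "backup:2002"),
    (5, "backup:2002", "read", "/var/log/auth.log"),
    (6, "backup:2002", "write", "/backup/auth.log.gz"),
]
# Assumed per-action anomaly weights: destructive actions score highest.
WEIGHTS = {"exec": 0.1, "read": 0.0, "write": 0.2, "unlink": 1.0}
EVIDENCE = ("/var/log/",)   # assumed location of forensic evidence

def build_graph(alerts):
    """Adjacency list: subject -> [(time, action, object)], time-ordered."""
    g = defaultdict(list)
    for t, s, a, o in sorted(alerts):
        g[s].append((t, a, o))
    return g

def enumerate_paths(graph, node, t_min=0, path=()):
    """Depth-first walk following only causally consistent (time-increasing) edges."""
    out = [path] if path else []
    for t, a, o in graph.get(node, []):
        if t > t_min:
            out += enumerate_paths(graph, o, t, path + ((t, node, a, o),))
    return out

def path_score(path):
    """Anomaly score: per-step weight, doubled when the step touches evidence."""
    return round(sum(WEIGHTS[a] * (2 if o.startswith(EVIDENCE) else 1)
                     for _, _, a, o in path), 2)

def attack_paths(alerts, threshold=1.0):
    """Score all paths from each root, drop low scores, keep only maximal paths."""
    g = build_graph(alerts)
    roots = set(g) - {o for edges in g.values() for _, _, o in edges}
    scored = [(path_score(p), p) for r in roots for p in enumerate_paths(g, r)]
    kept = [(s, p) for s, p in scored if s >= threshold]
    # Aggregation: a path that is a prefix of a longer kept path is redundant.
    return sorted((s, p) for s, p in kept
                  if not any(q != p and q[:len(p)] == p for _, q in kept))
```

With the default threshold only the shell-to-unlink chain survives; the backup job's reads and copies of the same log score below it and are filtered out.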