한국인터넷정보학회 논문지 (Journal of the Korean Society for Internet Information)


Korean Title: 안티 포렌식 행위 탐지를 위한 퍼지 전문가 시스템
English Title: Fuzzy Expert System for Detecting Anti-Forensic Activities
Author: 김세령, 김휘강 (Se Ryoung Kim, Huy Kang Kim)
Citation: VOL 12 NO. 05 PP. 0047 ~ 0061 (2011. 10)
Çѱ۳»¿ë
(Korean Abstract)
ÃÖ±Ù »çÀ̹ö ¹üÁËÀÇ Áõ°¡¿Í ±× ´ë»ó ½Ã½ºÅÛÀÇ ´Ù¾çÈ­·Î ÀÎÇÏ¿© µðÁöÅÐ Æ÷·»½ÄÀÇ Á߿伺ÀÌ Ä¿Áö°í ÀÖ´Ù. ÀϺΠ½Ã½ºÅÛµéÀº Àü¿øÀ̳ª ³×Æ®¿öÅ©¸¦ Â÷´ÜÇÏÁö ¾Ê°í ¼ö»çÇÏ´Â live forensicÀÇ ¹æ¹ýÀ» äÅÃÇÏ°í Àִµ¥, ÀÎÅÍ³Ý »ç¿ëÀÌ ÀϹÝÈ­µÊ¿¡ µû¶ó live forensic ¹æ¹ýÀÌ Ã¤ÅõǴ Ƚ¼ö°¡ Áõ°¡ÇÏ°í ÀÖ´Ù. ±×·¯³ª live forensic ±â¼úÀÌ »ó´çÇÑ ¹ßÀüÀ» °ÅµìÇÏ¿´À½¿¡µµ ºÒ±¸ÇÏ°í ¿ø°ÝÀ¸·Î Á¢±ÙÇÏ¿© ÇàÇØÁö´Â Anti-forensic ÇàÀ§¿¡´Â ¿©ÀüÈ÷ Ãë¾àÇÑ ½ÇÁ¤ÀÌ´Ù. ÀÌ¿Í °°Àº ¹®Á¦¸¦ ÇØ°áÇϱâ À§ÇÏ¿© ù ¹ø°·Î ¿ì¸®´Â Anti-forensic ÇàÀ§¸¦ 5°³ÀÇ °èÃþÀ¸·Î ºÐ·ùÇÏ°í °¢ °èÃþº°·Î °¡´ÉÇÑ Anti-forensic ÇàÀ§ÀÇ ½Ã³ª¸®¿À¸¦ »ý¼ºÇÏ´Â ¹æ¹ýÀ» Á¦¾ÈÇÏ¿´´Ù. µÎ ¹ø°·Î fuzzy Àü¹®°¡ ½Ã½ºÅÛÀ» Á¦¾ÈÇÏ¿© È¿°úÀûÀ¸·Î Anti-forensic ÇàÀ§¸¦ ŽÁöÇÒ ¼ö ÀÖµµ·Ï ÇÏ¿´´Ù. ¸î¸î Anti-forensic ÇàÀ§¿¡ »ç¿ëµÇ´Â ¸í·É¾îµéÀº ÀϹÝÀûÀÎ ½Ã½ºÅÛ °ü¸®¸¦ À§ÇÏ¿© »ç¿ëµÇ´Â ¸í·É¾î¿Í ¸Å¿ì À¯»çÇÏ´Ù. µû¶ó¼­ ¿ì¸®´Â fuzzy logicÀ» »ç¿ëÇÏ¿© ¸ðÈ£ÇÑ µ¥ÀÌÅ͸¦ ´Ù·ê ¼ö ÀÖµµ·Ï ÇÏ¿´´Ù. ¹Ì¸® Á¤ÀÇµÈ ½Ã³ª¸®¿À¿¡¼­ ¸í·É¾î¿Í ¿É¼Ç ¹× ÀÎÀÚ °ªÀ» ÀÌ¿ëÇÏ¿© ·êÀ» »ý¼ºÇÏ°í fuzzy Àü¹®°¡ ½Ã½ºÅÛ¿¡ ÀÌ ·êÀ» ÇнÀÇϵµ·Ï ÇÏ¿© À¯»çÇÑ ÇàÀ§°¡ ŽÁöµÇ¾úÀ» ¶§ Ãß·ÐÀ» ÅëÇÏ¿© ¼ö»ç°ü¿¡°Ô ¾ó¸¶³ª À§ÇèÇÑ ÇàÀ§ÀÎÁö ¾Ë·ÁÁØ´Ù. ÀÌ ½Ã½ºÅÛÀº live forensic ¼ö»ç°¡ ÁøÇàµÉ ¶§ ¹ß»ýÇÒ ¼ö ÀÖ´Â Anti-forensic ÇàÀ§¸¦ ½Ç½Ã°£À¸·Î ŽÁöÇÒ ¼ö ÀÖµµ·Ï ÇÏ¿© Áõ°Å µ¥ÀÌÅÍÀÇ ¹«°á¼ºÀ» À¯ÁöÇϵµ·Ï ÇÑ´Ù.
English Abstract
Recently, the importance of digital forensic has been magnified because of the dramatic increase of cyber crimes and the increasing complexity of the investigation of target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have been improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible by criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios which can actually be applicable to each layer. Our suggested model, the Anti-Forensic Activities layer-based model, has 5 layers: the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities are hardly distinguished from normal activities. So, we use fuzzy logic for handling ambiguous data. We make rule sets with extracted commands and their arguments from pre-defined scenarios and the fuzzy expert system learns the rule sets. With this system, we can detect anti-forensic activities in real time when performing live forensic.
Keyword: Anti-forensic; Anti-forensic activity model; live forensic; fuzzy logic; expert system