Design and Implementation of a Forensics System Based on User Behavior Analysis
[Abstract]: With the rapid growth of Internet payment, online payment security has gradually become an important aspect of information security. To ensure effective supervision of online payment, forensic analysis can be conducted on individual abnormal operations, and cracking down on computer crime makes computer forensics for individual abnormal behavior an urgent need. At present, computer forensics technology is limited to evidence from network and mainframe traces and lacks effective methods for obtaining evidence of individual abnormal behavior. The difficulty lies in how to mine useful evidence by analyzing the user's operation data, which makes this one of the most difficult problems in computer forensics. This paper focuses on forensics for abnormal user behavior, a topic on which relatively little research exists at home and abroad. The main work is to design and implement a well-performing forensics system using user behavior analysis technology. The system detects whether user behavior is abnormal by capturing and analyzing changes in the operation data that is closely related to the user's behavior. The following work has been accomplished in this paper:
(1) On the basis of understanding the current development of user behavior analysis technology, this paper introduces API hook technology for data acquisition, data fingerprint technology for data verification, and user behavior analysis technology for data analysis. Finally, the problems that the system needs to solve are defined and the system development environment is determined.
(2) Based on the requirement analysis, the design of the forensics system based on user behavior analysis is completed. The system is divided into two parts: a client and a Web server. The client is mainly responsible for data collection, data upload and report download. The Web server is mainly responsible for data receiving, data analysis and report generation. Finally, the system is designed in detail, and its technical framework and the functions of each module are determined.
(3) Based on the system design, the forensics system is implemented in code using user behavior analysis technology. Finally, the system is deployed on the Hadoop platform to test its function and performance. By collecting common user operations and selecting the data analysis module as the test case, testing shows that the system detects abnormal user operations completely and with high accuracy.
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification number]: TP309; D918
Article number: 2134104
Article link: http://sikaile.net/falvlunwen/fanzuizhian/2134104.html