Network evidence taking content tracing method based on multiple fingerprint Hash bloom filters

A Bloom filter technique, applied in the fields of instruments, special data processing applications, electrical digital data processing, etc., that addresses the problem of insufficient traceability and achieves strong traceability, high processing efficiency and accuracy, and a high compression ratio.

Active Publication Date: 2015-07-22
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Although this method has some capability for traceability and evidence collection, its disadvantage is that it can only trace the source of the payload and can only obtain the source and destination quadruples.
In network security incidents, where victims or perpetrators must be identified for evidence collection, this level of traceability is far from enough.


Embodiment Construction

[0031] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0032] In order to realize content traceability in network security incidents, the present invention provides a network forensics content traceability method and system based on an enhanced fingerprint multi-hash Bloom filter (EWMB); the system is referred to as CAS. It mainly includes two aspects: (1) the design of the network forensics content traceability system (CAS) architecture; (2) the proposed enhanced fingerprint multi-hash Bloom filter (EWMB) data structure.

[0033] The structure of the network forensics content traceability system (CAS) of the present invention is shown in Figure 1. It includes the following three parts:

[0034] (1) Data reorganization: reorganize the original network traffic data packets ca...


Abstract

The invention relates to a network forensics content tracing method based on multiple-fingerprint hash Bloom filters. The method comprises the following steps: captured original network traffic packets are reassembled and application-layer sessions are constructed; within each time interval, session content is divided into blocks and stored in the enhanced multiple-fingerprint hash Bloom filters, and a session index table is saved; each block is stored in the basic Bloom filter and, concatenated with the session index, in the Bloom filter with session indexes; after a query request is received, the queried excerpt is divided into blocks by the same method, and a search is carried out in all file storage units within the possible time intervals: the obtained blocks are first queried in the basic Bloom filter and, if they are found, are concatenated with candidate session indexes and queried in the Bloom filter with session indexes to obtain the application information of the excerpt. The method can improve the capability and accuracy of network forensics content tracing.
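
The store and query steps of the abstract, as an added example that is not code from the patent: it assumes fixed 8-byte blocks, SHA-256-derived hash positions, a single storage unit (one time interval) and constructed session records, and it leaves out the patent's fingerprint enhancements. The names `Bloom` and `StorageUnit` are hypothetical.

```python
import hashlib

BLOCK, M_BITS, K = 8, 1 << 16, 4  # assumed block size (bytes), filter bits, hash count

class Bloom:
    def __init__(self):
        self.bits = bytearray(M_BITS // 8)
    def _positions(self, item):
        # K positions from salted SHA-256 (assumption: the patent's hash functions are not given)
        for i in range(K):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % M_BITS
    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)
    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class StorageUnit:
    """One time interval: basic filter, session-indexed filter, session index table."""
    def __init__(self):
        self.basic, self.indexed, self.sessions = Bloom(), Bloom(), {}

    def store(self, sid, info, content):
        self.sessions[sid] = info
        for off in range(0, len(content) - BLOCK + 1, BLOCK):
            block = content[off:off + BLOCK]
            self.basic.add(block)                             # block alone
            self.indexed.add(block + sid.to_bytes(4, "big"))  # block || session index

    def query(self, excerpt):
        """Return info of sessions whose stored blocks cover the excerpt at some alignment."""
        hits = set()
        for shift in range(BLOCK):  # the excerpt need not start on a block boundary
            blocks = [excerpt[o:o + BLOCK] for o in range(shift, len(excerpt) - BLOCK + 1, BLOCK)]
            if not blocks or any(b not in self.basic for b in blocks):
                continue  # cheap rejection in the basic filter first
            for sid, info in self.sessions.items():
                if all(b + sid.to_bytes(4, "big") in self.indexed for b in blocks):
                    hits.add(info)
        return hits

# Constructed sample sessions (not real traffic)
unit = StorageUnit()
unit.store(1, "10.0.0.5:40312 -> 192.0.2.10:80 HTTP",
           b"GET /update.bin HTTP/1.1\r\nHost: example.test\r\n\r\n")
unit.store(2, "10.0.0.7:51000 -> 192.0.2.25:25 SMTP",
           b"MAIL FROM:<alice@example.test>\r\nRCPT TO:<bob@example.test>\r\n")
```

Excerpts shorter than 2*BLOCK - 1 bytes may contain no complete stored block at any alignment, so they can go unmatched in this sketch.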

Description

Technical field

[0001] The invention relates to the field of network forensics, and is a network forensics method and system for tracing the source of session content based on an enhanced fingerprint multi-hash Bloom filter (EWMB) data structure.

Background technique

[0002] The popularity of computers and networks has brought great convenience, but at the same time it has produced a large number of information security threats. Most notably, cybercrime is becoming more and more rampant, and both its scope and the technical means it uses are changing rapidly. There has been some excellent work on the prevention of cybercrime, but there are few results that help law enforcement agencies or security experts investigate cybercrime and collect evidence. A method and system that can trace the content transmitted on the network is needed.

[0003] The most direct method is to capture and store the ori...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F17/30, H04L29/06
Inventor 陈小军时金桥蒲以国郭莉徐菲陈雁于晓杰文新徐睿
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI