A computer forensics model based on danger theory

Authors: Peng Lingxi*; Li Zhengde; Zeng Jinquan; Zhang Jian; Liu Caiming; Liang ChunLin
Source: Workshop on Intelligent Information Technology Application (IITA 2007), 2007-12-02 to 2007-12-03.

Abstract

To effectively collect electronic evidence of computer crime, a novel danger-theory-based computer dynamic model (Demed) is proposed. With definitions of self, non-self, and detector, the intrusion detection sub-model is given, which is composed of a memory cell set, a mature cell set, and an immature cell set. Then the danger-theory-based computer dynamic forensics sub-model is given. Both the theoretical analysis and the experimental results show that Demed provides an effective approach for computer dynamic forensics.