Based On Protocol Analysis Of Network Security Audit System Design And Implementation

With the development of network technology in all walks of life and a wide rangeof network applications, increasing emphasis on network security enterprises.The vastmajority of attacks are derived from the internal network along network securityissues,and the firewall, intrusion detection and other traditional security technologiesinternal network monitoring and prevention but ill-considered, so the development anddeployment of traditional security technologies complement network security auditproducts to solve network security has become an important means.In this paper, design and implementation of a protocol-based analysis of networksecurity audit system by undertake extensive research about the network protocolanalysis and network security auditing techniques. Studies are as follows:(1) For security audit perspective, research and analysis of the data packetsrecombinant technology, packet direction identification technology, especially thedirection of the packet identification technology research for the correct protocolanalysis provides basic protection.(2) Research how to capture and use the packet. Capture and use are two moduleswith a synchronization relationship, this system is designed to use two files to be writeand read alternately as a mechanism to achieve this relationship.(3) Research how to analysis and restore the packet in a protocol stack style,especially on how the packet IP fragment reassembly, and how correct the TCP order.For IP and TCP reorganization, the main use of filling empty blocks to achieve.(4) Research how to manage and organize the structure of the transport layersession to ensure that it corresponds to a different session on the application layerprotocol analysis information is correct management. The system is designed with theuse of hash and list ways to manage and positioning session and a five-tuple as hashKEY to match the hash.After verification, the prototype system can achieve internal network protocollevel data in real-time monitoring, intelligent auditing functions, making the networkbehavior within the network staff and operation content visible. Implementation of thesystem of internal network security provides a strong support.