Research On Secure Analysis Of Network Services System Logs

Network systems logs are excellent sources of information for real-time systemmonitoring and also for network event analysis. Analyzing network logs to detect maliciousattacks is one form of security defense. Research on network service system log analysistechnology to enhance network security management capabilities has great academic valueand practical significance.The main contributions of this dissertation are as follows:(1) A network services system security model. Network services system is a system to providea particular form of network-based information services. Network services securityincluding the security of the information systems and the security of information systemsservers. Network Services System Model is a multi-level system security model. Thesecurity properties of a network services system security model were given. In order forthe system to meet these properties, the activities of system must observe some rules. Theproofs of these rules were also given.(2) A set of rules used for analysis of network service system log were given. To do networksecurity services system log analysis, rules were used to find the violation of the securityproperty and determine the session's next state. The rules and their proofs were provided.(3) The ways to analyze the WWW log. Log analysis rules were given to analyze each WWWrequest response. An example of detecting SQL injection was also given to illustrate theeffectiveness of these rules.