RUSSEL Language Based Security Audit Data Analysis

Posted on: 2005-03-18
Degree: Master
Type: Thesis
Country: China
Candidate: W Gao
GTID: 2168360122493297
Subject: Computer application technology
Abstract/Summary:
Based on various research results and practical experience, and by virtue of the characteristics of the RUSSEL language, this thesis presents a universal, powerful and efficient expert system.

The thesis proposes a powerful sequence evaluation method: a rule-based method designed especially for intrusion detection analysis. It is suitable for analysing B3-level security audit data and can efficiently handle the analysis of huge amounts of data. The method requires the data source to be in the standardized format NADF. With this method, the differences among various kinds of audit data become transparent, and the goal of universality can be reached.

For the purpose of universality, the thesis designs a plug-in for the language, the Format Adaptor. With it, analysis utilities can convert various kinds of audit data to the standardized NADF format in real time, for the sake of online detection. The thesis also designs another plug-in, the action parser engine. With this engine, the administrator can easily add customized functions, so that when a breach occurs, an alarm report can be submitted in time or pre-emptive actions can be performed. The engine also makes it possible to reduce the huge amount of audit data online.

Such a complete analysis utility handles audit trail analysis in many kinds of security architecture. It can perform online intrusion detection, especially for computing groups in heterogeneous or distributed network environments.

The thesis also draws on advanced artificial intelligence technology, introducing the Time-based Inductive Machine (TIM) concept into the analysis utility and proposing an improved approach for the expert system. This establishes a theoretical basis for further research and practice.
Keywords/Search Tags: RUSSEL, Audit Trail, Expert System, Rules, Pattern Matching