Research And Application Of Event Detecting Methods Based On Dynamic Rules

The file system security monitoring has been essential to IDS (Intrusion Detection System) in recent years. On the other hand, the research of monitoring system to measure file system performance also has been plentiful and substantial. Although they both are vital important parts of file system monitoring, each of them has been functioning in its own way for a long time, and there is no convenient coordinating mechanism to integrate them into the file system monitoring framework efficiently. In addition, with emergence and popularization of the high speed network and Internet, distributed system dedicated to network applications has increasingly been the key infrastructure of any information society. The research of distributed file system monitoring technique, which provides reliable file storing and safe file sharing, is practical and principal.According to the requirement of monitoring system for distributed system and aiming at monitoring the NFS (Network File System), which has been widely implemented under most platforms, an event monitoring framework based on dynamic rules is presented, and the specification, analyzing and compiling of a general DRDL (Dynamic Rules Description Language) are also discussed in this thesis. After all these ground work, an efficient detecting algorithm for timing constraints events has been studied and a NFS monitoring prototype system, whose performance is evaluated through several experiments, has been designed and implemented finally.The event detecting framework based on dynamic rules implements an event filtering mechanism, which matches high level events according to the user-defined dynamic rules by efficient event detecting algorithms, prevents the user from inundating by low level monitoring event information in the distributed system. With the help of transcendent experience reflected by the dynamic rules, the vital important events which influence application performance largely can be detected from seemingly unrelated low level events.DRDL can be used to describe timing constraints event and supports dynamic change of high level event definition. Since its syntax is similar to C language, users can master it easily. By iterating directory event embedded in DRDL file system security monitoring and performance monitoring can be integrated into the event monitoring framework.Based on the timing constraints event model of RTL (Real Time Logic), the compiling algorithms for timing constraints event transform the problem of how todetect timing constraints event to the problem of how to find negative cycle in weighted directed graph, which is named as constraints graph. By simplifying constraints graph, the efficient detecting algorithms for timing constraints event have been developed, which not only has good time complexity but also can find events that violate timing constraints as early as possible.In order to verify the event detecting methods based on dynamic rules and to check its efficiency in application, experiment schemes are designed and performed on the implemented prototype system in Linux environment. Data structure and interface of key modules in prototype system are presented. The results from the experiments show that the expected performance is achieved and confirm the validity when the event detecting methods based on dynamic rules are applied to the complex timing constraints monitoring in distributed environment.Investigation presented in this thesis can provide the future development of the file system monitoring tools and distributed system monitoring tools with good reference.