Analysis And Security Audit Based On Network Flow Log

With the development of Internet, because of the opening-up and freedom of Internet, more and more problems grow up,including broadcasting harmful information,crimines by Internet. How to control and supervise peoples' behavior in Internet is faced by modern network management.With the usage of GS (Gateway System), it's possible to using real name in Internet. It's also the fundation of Security Audit. The paper implements Security Audit based on Network Flow log ,by text log query,log statistics,auto alerting by Alert Rules and user's behavior analysis, to create a clean Internet.The paper is made up with 6 parts. The 1st part introduces the background knowlege and related technology, also including GS, Linux platform,Java language and Oracle 9i database. The 2nd part introduces data mining technology emphatically, analyses several modes,compares their alogrithm and gives a brief of Weka sofware. The 3rd part describes the whole system design,including log query.log statistics,auto alerting,data mining and so on. The 4th describes how to implement log query and log statistics in detail.The 5th part describes how to implement auto alerting and data mining in detail. The last part is the summary of the paper,mainly evaluating the advantage and shortage.