
Analysis And Research On OS Security Event Relation

Posted on: 2005-07-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Luo
Full Text: PDF
GTID: 2168360152970420
Subject: Software engineering
Abstract/Summary:
With the large-scale deployment of computer networks, network and information security have become pressing concerns for the state and for organizations of every kind. Computer network security technology, however, is still in its infancy. Practical security tools such as firewalls (FW) and intrusion detection systems (IDS) provide preliminary technical solutions for network security, but the security reports these tools produce remain scattered raw data that is neither analyzed in depth nor synthesized, so few comprehensive, practical results of event analysis come out of them. Research into correlation analysis of network security events would therefore be a marked technical breakthrough and, in social terms, would offer more sophisticated protection to the networks used by the state, enterprises and other organizations, which gives the research considerable market value.

First, this project examines the data formats and the ways in which security events are recorded and stored in the mainstream operating systems, because every operation performed by a system is kept in its event log, including whether the system was infected by a virus, whether it was illegitimately intruded upon by hackers, whether it crashed because of improper operation by local users, and so on. By manually analyzing the system log we can find the causes of errors and apply the appropriate remedy. With tens of thousands of operating systems, however, maintaining the logs manually is a very resource-consuming job.

Fortunately, this problem can be addressed by using the SNMP protocol to collect the system logs uniformly, because the logs are alike or similar in format; by mining these logs and analyzing them as a whole, we can abstract a data format that carries their combined technical characteristics. Processing the logs by computer greatly improves efficiency and accuracy. On this basis the thesis investigates a correlation analysis approach based on the technical characteristics of events, devises an elementary model of correlated computation, and further researches and develops the approaches and data formats that can be used to collect, record and store comprehensively correlated security events.

Finally, by building the system model of the log collection software and testing it on a Linux system, we readily obtained the relevant log information as well as the system's network traffic, but did not succeed in launching a mock attack against this Linux system and obtaining the corresponding attack report.

The main idea discussed in this thesis is to refine the logs that trace the behaviour of the currently popular operating systems, e.g. Linux and Solaris, analyze these abstracted logs of identical format with the help of event auditing techniques, extract the sensitive information implied in a number of event logs, verify the security of the system, derive the results of the comprehensive event analysis, and respond in a timely way to intrusions aimed at the system.

Because the scope of the research is too wide, this research covers only the security event logs of illegal intrusions; virus logs and system fault reports are left to others.
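The abstract describes two steps: normalizing logs from different operating systems into one common event format, and then correlating the normalized events to detect intrusion. The following Python example, added here and not taken from the thesis, shows both steps on constructed sample data: a Linux syslog layout and an assumed Solaris-style layout (the exact Solaris format is an assumption of the example) are parsed into the same event record, and a simple cross-host correlation rule flags a source address whose repeated authentication failures are followed by a successful login. The SNMP collection transport the thesis mentions is out of scope here; the lines are embedded inline as if already collected.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not from the thesis). Two hosts, two layouts.
# Linux: classic syslog line from sshd, timestamp first.
LINUX_LINES = [
    "Jan 12 10:00:01 web01 sshd[2201]: Failed password for root from 10.0.0.5 port 4001 ssh2",
    "Jan 12 10:00:03 web01 sshd[2202]: Failed password for root from 10.0.0.5 port 4002 ssh2",
    "Jan 12 10:00:05 web01 sshd[2203]: Failed password for root from 10.0.0.5 port 4003 ssh2",
    "Jan 12 10:00:09 web01 sshd[2204]: Accepted password for root from 10.0.0.5 port 4004 ssh2",
    "Jan 12 10:05:00 web01 sshd[2300]: Accepted password for alice from 10.0.0.8 port 5000 ssh2",
]
# Assumed Solaris-style layout: hostname first, message id tag before the text.
SOLARIS_LINES = [
    "db01 Jan 12 10:00:02 sshd[110]: [ID 800047 auth.info] Failed password for root from 10.0.0.5 port 4101 ssh2",
    "db01 Jan 12 10:00:04 sshd[111]: [ID 800047 auth.notice] Failed password for root from 10.0.0.5 port 4102 ssh2",
]

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
LINUX_RE = re.compile(TS + r" (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
SOLARIS_RE = re.compile(r"^(?P<host>\S+) " + TS + r" sshd\[\d+\]: \[ID \d+ [\w.]+\] (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)")


def normalize(line, fmt, year=2005):
    """Map one raw line into the unified event record, or None if it is not an auth event.
    The record is the same whichever OS produced the line, which is what lets the
    correlation rule below ignore the source format entirely."""
    m = (LINUX_RE if fmt == "linux" else SOLARIS_RE).match(line)
    if not m:
        return None
    a = AUTH_RE.match(m.group("msg"))
    if not a:
        return None
    # syslog timestamps carry no year; the sample data assumes 2005.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "host": m.group("host"),
        "source_ip": a.group("ip"),
        "user": a.group("user"),
        "outcome": "fail" if a.group("outcome") == "Failed" else "success",
    }


def correlate(events, threshold=3, window_s=60):
    """Rule: at least `threshold` failures from one source address within `window_s`
    seconds, on any host, followed by a successful login from that address.
    Returns one alert per qualifying success event."""
    alerts = []
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["source_ip"]].append(e)
    for ip, evs in by_ip.items():
        fails = []
        for e in evs:
            if e["outcome"] == "fail":
                fails.append(e)
                continue
            recent = [f for f in fails if (e["ts"] - f["ts"]).total_seconds() <= window_s]
            if len(recent) >= threshold:
                alerts.append({
                    "source_ip": ip,
                    "user": e["user"],
                    "host": e["host"],
                    "failures": len(recent),
                    "hosts": sorted({f["host"] for f in recent}),
                })
            fails = []  # a success closes the current failure run
    return alerts


def analyze():
    """Normalize every sample line and run the correlation rule over the merged stream."""
    events = [normalize(l, "linux") for l in LINUX_LINES]
    events += [normalize(l, "solaris") for l in SOLARIS_LINES]
    return correlate([e for e in events if e is not None])


if __name__ == "__main__":
    for alert in analyze():
        print(alert)
```

The rule only fires because failures on web01 and db01 are counted together against the same source address; looking at either host's log on its own, neither crosses the threshold. That is the practical payoff of the unified format the abstract argues for.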
Keywords/Search Tags: information security, system logs, correlation analysis