The Research And Implementation Of Security Audit System Based On Digital-watermarking Log

With the convenience contributed by rapid development of information technology and Internet, numerous security problems have been introduced. Therefore, the research of security in computer information system has arisen the attention and recognition increasingly. As traditional methods of network security, firewall technology and intrusion detection system (IDS) both have their shortcomings and limitations. As an indispensable part of the complete security framework and a complement of firewall system and IDS, Security Audit System (SAS) can detect some special potential security violations that IDS can't find out; it can record the intrusions and recur them at any time for us to get network intrusion evidence. It can also be used to pick up some unknown or undetected intrusion modes. In the process of security audit, Reliability and integrity of log is the foundation and kernel. But the traditional log is stroraged with plain text, and can be easily modified or destroyed lawlessly. The definition of log is incomplete. The log is usually stored at the local machine, the capability of storage is limited, and audit analysis is limited to the function of simple inquiry. This paper shows that the security of log can be improved by the combination of digital-watermarking technology and traditional encryption, and modification and falsification of the log can be well avoided, and the digital-watermarking log is storaged in the remote log server through the Virtual private network (VPN). The process of audit and analysis based on digital-watermarking has more reliability and stringency. Therefore, the result of audit has much higher validity and authority. Specifically, the contribution in the paper includes the following: 1. Analysis and explanation of the model and process of the current security audit system and a comparison between two types of security audit is included. 2. Analysis of the correlative technology and model of digital-watermarking, and implementation of the model of adding watermark and validating watermark. 3. The long-distance security log server is set up, and logs can be stored in the long-distance log server through virtual private network (VPN). 4. A definition of different log files in the log server is made, and the integrity of the files is secured by modification of the head of the files. 5. Implementation of the model of security log audit based on correlative files is made in the log server, and the rule library of security audit is defined with reference to the rule library of snort. 6. The fields of logs, the rules and results of the security audit are defined and illuminated in the log server.