| Nowadays, a huge number of infomation has been stored in servers and databases, which would result in the loss or interception of data. Use log as security audit data source is a hot research topic in recent years. Through the log audit, the auditing officer can monitor the enterprise internal staff operational and IT system operating activities, discover anomalies and unnormal operation in time, minimize the potential safety problems caused by internal.This issue is based on such a practical project background,designs and realizes a security audit management system based on the log.According to the the requirement of the enterprise,we use the kinds of application system log and also the log about hosts and network equipments as the data source of enterprise security audit management. Through the audit of original log by using th correlation analysis, keyword analysis, and then give audit alarm, provide audit reports according to audit results, finally achieve the goal of monitoring the behavior of the internal people of enterprise, reduceing the enterprise internal risk.This paper explains the topic research background at the first, introduces the related technical knowledge about log audit, include log collection technology and data mining technology related to log analysis technology, and proposed an improved FP-Growth algorithm for mining association rules based on the existing technology, Then it comes to the design of whole system, which give emphasis on the log standardization and log audit. Finally, we accomplish the development of the security audit system based on the design and the improved association rule mining algorithm. |
PDF Full Text Request