| With the development of information technology and Internet technology as well as the accelerating of national information-based course, network security problem is becoming more and more serious. Therefore, how to ensure the online security inevitably becomes a crucial subject. Consequently, investigation on the network safe turns to be vital to us. Studies have shown that, it is far from enough to rely merely on the precaution against the outside invasion. Control on the behavior of inside network and analyze afterwards are more important.Safe Audit technology, namely via recording and check-up of system incidents, can effectively find and take precautions against the inside unlawful action.An investigation is carried out on the technology relevant to the safe audit and a distributed network security audits systematic model is propose. The research is as follows:1. Concept of network security, including safe model, evaluation criterion and daily safe mechanism etc.; Concept and function of safe audit, audit system model and classification.2. Audit systematic structure, characteristics of concentrated type and distributed structure; a study on the system communication mechanism, including the IDMEF message exchange format news advanced by IDWG and realization of XML, the communication protocol model of IDXP (exchange protocol for invasion examination), the communication mechanism that CIDF puts forward; Concept of Agent, the application of Agent technology in safe audit system.3. Origin of target in audit information (including host computer, network and other equipment); application of intelligence analyze technology in safe audit; Question of independent auditing of the behavior of user on Windows platform.4. Bring forward a model for the safe audit system that is investigated from such aspects as system structure , logic model , communication protocol, system security. |
PDF Full Text Request