Research On Audit Record Analysis System Based On Host And Design

Posted on: 2007-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: X T Jiang
Full Text: PDF
GTID: 2178360185465295
Subject: Computer application technology
Abstract/Summary:
As system security becomes more and more important, the audit system has become an important supplement to security tools such as vulnerability scanners and intrusion detection systems. On the one hand, it helps system security management find system vulnerabilities efficiently and prevents major security events from happening. On the other hand, after a security event has happened, system security management can use the audit system to check the reasons for the event and to find the vulnerabilities and the source of the attack. By providing the characteristics of attacks, the audit system can help intrusion detection systems based on misuse detection to define new detection rules. The audit system can also find attackers under some circumstances, so it can help combat criminal acts as a computer forensics tool for cybercrime. Research on host-based audit systems therefore has great theoretical and practical significance for improving computer security.

This paper mainly focuses on the construction of a host-based audit system, including acquiring audit records, analyzing the audit records and browsing the results of audit analysis. First, it discusses several audit system models and the analysis methods of current audit analysis systems. Second, guided by the audit workbench concept and addressing the disadvantage of existing analysis methods, which can only do simple string searches or filter records by time condition and cannot relate audit records from different aspects, the paper proposes a new audit system model. The model is based on the object-oriented analysis method, uses a structure similar to a semantic net, and represents relationships using audit meta objects and chain objects. In this new model, an audit record preprocessor is designed and constructed by means of an audit record parsing grammar to convert raw audit data into a universal format; several audit analysis algorithms are also developed for different audit targets.

Third, it builds a browser that displays the audit analysis results and the relationships among audit meta objects visually. Finally, the paper designs some tests to check the new audit system model. The results show that it can complete most audit requirements more efficiently than other current audit systems and remedies the disadvantages of current audit systems.
Keywords/Search Tags: security audit, audit trail, audit analysis method, semantic net