
Research On Technology Of Network Information System Log Analysis And Audit

Posted on: 2008-12-26
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Feng
Full Text: PDF
GTID: 2178360212476296
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of Internet technology, people can conveniently obtain almost unlimited knowledge and resources. But Internet technology cannot fundamentally restrict the behavior of its users, and pernicious information and crime on the Internet are increasing. To control 80% of system security problems, we have to face the following questions: What happened? When did it happen? Who did it? And what should we do? Log analysis and security auditing of network information systems offer a way to answer these questions.

Network log messages are a primary source of system feedback, but manual review is tedious and error prone. Informatics analysis and auditing technology can be used to detect subtle anomalies in the log message stream, thereby increasing the availability of the overall system. In this paper I first describe the data preparation for log analysis, which includes log collection, a detailed description of several log formats (Syslog, Traffic Log and WELF), and preprocessing for log analysis. Then I focus on the methods for analyzing the log data. Four algorithms and their applications are proposed in this paper: motif matching based on regular expressions performs the primary analysis; association analysis from data mining uses the Apriori algorithm to extract association rules; cluster analysis from data mining uses the RIPPER algorithm to classify user actions; and the Teiresias algorithm, originally developed for biology, can also be used in log analysis and auditing to mine frequent motifs, which is shown to be a very efficient method.

I describe each algorithm's concept, function, detailed implementation and improvement method in this paper. Finally, this thesis designs a log-analysis-based network security audit system model, which allows administrators to set security policies to monitor user actions in real time or to audit the system's security condition after the fact. I also discuss the function and implementation of every sub-module of the system. The technologies and algorithms for log analysis and audit in this paper are applicable to the log formats of most devices, are feasible and extensible, and can be applied in many security fields. The log-analysis-based network security audit system model also provides a general solution for the security management of network information systems.
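The abstract names two of its stages only briefly: regular-expression motif matching as the primary analysis, and Apriori association-rule mining over the extracted fields. The following Python is an added illustration of that pipeline and is not code from the thesis; the syslog lines, the field names (`prog`, `result`, `user`, `src`) and the thresholds are constructed for the example. It parses RFC 3164-style syslog lines with a regex, turns each event into a set of `field=value` items, runs a textbook Apriori over those itemsets and then derives rules above a confidence threshold, so that a repeated pattern such as "failed logins come from one source address" surfaces as a rule rather than having to be spotted by eye.

```python
import re
from itertools import combinations

# Constructed sample syslog lines (not taken from the thesis or any real system).
SAMPLE_LOG = """\
Mar  1 08:00:01 gw sshd[2211]: Failed password for root from 10.0.0.5 port 4422 ssh2
Mar  1 08:00:03 gw sshd[2212]: Failed password for root from 10.0.0.5 port 4423 ssh2
Mar  1 08:00:05 gw sshd[2213]: Failed password for admin from 10.0.0.5 port 4424 ssh2
Mar  1 08:00:09 gw sshd[2214]: Accepted password for alice from 10.0.0.7 port 5001 ssh2
Mar  1 08:01:00 gw sshd[2215]: Failed password for root from 10.0.0.5 port 4425 ssh2
Mar  1 08:02:00 gw cron[900]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 08:03:00 gw sshd[2216]: Accepted password for bob from 10.0.0.8 port 5002 ssh2
"""

# Stage 1: regex motifs. The first pattern splits the syslog envelope, the
# second recognises the sshd authentication motif inside the message body.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSH_AUTH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>[\d.]+)"
)


def parse_line(line):
    """Return a dict of fields for one syslog line, or None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    auth = SSH_AUTH_RE.match(rec["msg"])
    if auth:
        rec.update(auth.groupdict())
    return rec


def to_transaction(rec):
    """Encode one event as a frozenset of 'field=value' items (an Apriori transaction)."""
    items = {f"prog={rec['prog']}"}
    for field in ("result", "user", "src"):
        if rec.get(field):
            items.add(f"{field}={rec[field]}")
    return frozenset(items)


def apriori(transactions, min_support):
    """Return {frequent itemset: support} using level-wise candidate generation."""
    n = len(transactions)
    counts = {}
    for t in transactions:
        for item in t:
            key = frozenset([item])
            counts[key] = counts.get(key, 0) + 1
    current = {s: c / n for s, c in counts.items() if c / n >= min_support}
    support = dict(current)
    k = 2
    while current:
        # Join step: union two frequent (k-1)-itemsets into a k-itemset, then prune
        # any candidate with an infrequent (k-1)-subset (downward closure).
        candidates = set()
        for a, b in combinations(list(current), 2):
            u = a | b
            if len(u) == k and all(frozenset(sub) in current for sub in combinations(u, k - 1)):
                candidates.add(u)
        counts = {c: sum(1 for t in transactions if c <= t) for c in candidates}
        current = {c: v / n for c, v in counts.items() if v / n >= min_support}
        support.update(current)
        k += 1
    return support


def rules(support, min_conf):
    """Derive association rules (antecedent, consequent, support, confidence)."""
    out = []
    for itemset, sup in support.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(itemset, r):
                ante = frozenset(ante)
                conf = sup / support[ante]  # every subset is frequent, so this exists
                if conf >= min_conf:
                    out.append((ante, itemset - ante, sup, conf))
    return out


def analyze(text, min_support=0.4, min_conf=0.9):
    """Run the two stages end to end over raw syslog text."""
    records = (parse_line(line) for line in text.splitlines())
    transactions = [to_transaction(r) for r in records if r]
    return rules(apriori(transactions, min_support), min_conf)


if __name__ == "__main__":
    for ante, cons, sup, conf in analyze(SAMPLE_LOG):
        print(f"{set(ante)} => {set(cons)}  support={sup:.2f} confidence={conf:.2f}")
```

On the constructed input the rule `{result=Failed} => {src=10.0.0.5}` comes out with confidence 1.0 while `{result=Failed} => {user=root}` does not clear the 0.9 threshold; the thresholds are deliberately low because the sample holds only seven events, and on a production stream they would be tuned per log source.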
Keywords/Search Tags: LOG ANALYSIS, AUDIT, DATA MINING, MOTIF DIGGING