
Interface And Analysis Of Integrative Audit And Forensic System

Posted on: 2007-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhao
Full Text: PDF
GTID: 2178360212995468
Subject: Communication and Information System

Abstract/Summary:
This dissertation discusses the framework of an integrative information security audit and forensic system. It mainly studies and realizes the unification of log messages and the system interface, and studies the models for log analysis and forensics.

Log format and interface: log collection is divided into two parts. Logs held in databases are collected through ODBC, and logs from other sources are collected through SOAP. Collected log messages are preprocessed. To unify log messages, an integrative log format standard is established on the basis of XML technology and in accordance with professional standards, and the XML files are parsed with MSXML; log messages from various sources are transformed into this standard format. The system's interface is described through Web Services, so that users can send requests and receive responses over SOAP and HTTP and the system can be shared across the network.

Log analysis and forensics: a log analysis model is built. Real-time detection based on intrusion signatures and off-line detection based on behavior are combined in the model to reduce the rates of missed and false alarms, and a method of log intersection analysis is used during off-line analysis to improve the system's capability. The Wu-Manber algorithm and XPath are combined to realize fast querying of logs. The system is represented on the basis of an ontology, so that the system's structure and internal relationships are described clearly. The PICAP model is used to design the forensic model, and the evidence analysis stage is studied in detail using clustering techniques.
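The abstract describes two mechanisms that are easy to lose in summary form: transforming records from heterogeneous sources (database rows arriving via ODBC, text logs arriving via SOAP) into one standard XML log format, and then querying that unified log with XPath combined with multi-pattern matching. The following Python is an added illustration of that pipeline and is not code from the thesis. The XML schema (`<events>`, `<event source=...>`, `<time>`, `<host>`, `<user>`, `<process>`, `<message>`), the sample records, and the function names are all constructed for this example; the multi-pattern step uses a plain substring scan as a stand-in for Wu-Manber, and the XPath subset is the one supported by the standard library's ElementTree rather than MSXML.

```python
"""Added example (not the thesis's code): normalize heterogeneous log records
into one XML event format, then query them with XPath plus multi-pattern matching.
The schema, sample data and function names below are constructed assumptions."""
import re
import xml.etree.ElementTree as ET

# Constructed sample input standing in for rows fetched over ODBC.
DB_ROWS = [
    {"ts": "2007-03-10 08:15:02", "host": "db01", "user": "alice",
     "action": "login", "result": "success"},
    {"ts": "2007-03-10 08:17:44", "host": "db01", "user": "bob",
     "action": "login", "result": "failure"},
]

# Constructed sample input standing in for text logs delivered over SOAP.
SYSLOG_LINES = [
    "Mar 10 08:16:09 web01 sshd[2231]: Failed password for invalid user root from 10.0.0.5 port 4122",
    "Mar 10 08:16:12 web01 sshd[2231]: Accepted password for alice from 10.0.0.7 port 4130",
]

# Timestamp, host, process[pid], then the free-text message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")


def db_row_to_event(row):
    """Map one database row onto the assumed standard <event> element."""
    ev = ET.Element("event", source="database")
    ET.SubElement(ev, "time").text = row["ts"]
    ET.SubElement(ev, "host").text = row["host"]
    ET.SubElement(ev, "user").text = row["user"]
    ET.SubElement(ev, "message").text = f"{row['action']} {row['result']}"
    return ev


def syslog_line_to_event(line):
    """Parse one syslog-style line onto the same <event> element."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsable syslog line: {line!r}")
    ev = ET.Element("event", source="syslog")
    ET.SubElement(ev, "time").text = m["ts"]
    ET.SubElement(ev, "host").text = m["host"]
    ET.SubElement(ev, "process").text = m["proc"]
    ET.SubElement(ev, "message").text = m["msg"]
    return ev


def build_unified_log(db_rows, syslog_lines):
    """Collect every source into one <events> tree: the unified log format."""
    root = ET.Element("events")
    for row in db_rows:
        root.append(db_row_to_event(row))
    for line in syslog_lines:
        root.append(syslog_line_to_event(line))
    return root


def xpath_query(root, expr):
    """Structural selection over the unified log (ElementTree's XPath subset)."""
    return root.findall(expr)


def multi_pattern_filter(events, patterns):
    """Keep events whose <message> contains any pattern.

    A substring scan stands in here for the Wu-Manber multi-pattern search
    the thesis pairs with XPath; the selection semantics are the same."""
    pats = [p.lower() for p in patterns]
    return [ev for ev in events
            if any(p in (ev.findtext("message") or "").lower() for p in pats)]


def failed_auth_hosts(db_rows, syslog_lines):
    """XPath narrows the candidate set, pattern matching picks out the failures."""
    root = build_unified_log(db_rows, syslog_lines)
    candidates = xpath_query(root, ".//event[host]")
    hits = multi_pattern_filter(candidates, ["failed password", "login failure"])
    return sorted({ev.findtext("host") for ev in hits})


if __name__ == "__main__":
    tree = build_unified_log(DB_ROWS, SYSLOG_LINES)
    print(ET.tostring(tree, encoding="unicode"))
    print("hosts with failed authentication:", failed_auth_hosts(DB_ROWS, SYSLOG_LINES))
```

The point of the two-stage query is that the XPath expression exploits the structure the normalization step created (every source now has the same element names), while the pattern scan handles the free-text `<message>` content that no normalization can fully structure; a real deployment would swap the substring scan for a proper multi-pattern algorithm once the pattern list grows.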
Keywords/Search Tags: Security audit, Log query, Log analysis, Attack detection, Forensic technique