| With the development of information technology, computer security has become increasingly prominent, while addressing methods about security issues, such as firewalls and intruding detection. But each kind of security technology has its own limitations, which have our network and systems facing severe challenges.Security audit provides us with a multi-layered security strategy. Security audit is the right computer security incidents recorded and analysis process, and in the event of system security issues, to help administrators to process large quantities of data for effective analysis and the achievement of the crime process replay.How to find out unusual event in integrated mainframe system log and pick-up network data effectively is an important issue of the safety audit, because many safe events always hide in the complicated data of security audit. In order to find out such events, keywords searching, statistics method are applied in this paper to analyze the Linux host logs and network alert and then get the normal and abnormal suspicious events. The feature fusion method is adopted to analyze abnormal suspicious events by using both host and network characteristics. Experiment shows that the three analyzing methods proposed in this paper can find out security events and wrong actions correctly, such as Dos.According to the analyzing abnormal events and network alert information, multi-level fuzzy comprehensive evaluation is adopted in this paper to evaluate them synthetically, and the evaluated result of a given period is expressed as a security state chart using visualizing technique. By such chart, system manager can have a clear realization about the whole security state. Experiment suggests that we get a reasonable evaluation of security state and system manager can easily know the whole situation about security through the visualized security evaluated result. |
PDF Full Text Request