| With the development of the information technology, more and more people focus on the security problem of the information system. Hackers, virus and confidential document leak have become the big threat to the security of our information system. It's not enough to protect the system from the external attacks. The confidential document leaks also need to be considered.So far there are network-based audit products, computer-based audit products and content-based audit products in our security audit system. But, compared with the foreign products, these products aren't powful in data analysis. This paper focuses on the analysis and trace of huge amount of data, chooses C/S and B/S as the architecture, use the data-mining as the core of analysis to audit tracing the users'activities from the view of user model and audit policies. A lot of data mining techniques are used, such as clustering, Hidden Markov Model, Genetic Algorithm, to trace the users'activities.After conducting tests on algorithm and system, the audit system in this paper is accurate, and can be used to detect the abnormal data. What is more, the system is also compatible and can be used for the multi-clients. In function, the system can also be used for many kinds for users'activites (network activities, file activities, computer process). Hence, the audit system in this paper can be used for the large scale and multic-clients environment, such as some big enterprises and government organization. |
PDF Full Text Request