| As all the countries take the security of the information systems into seriousconsideration, it shows that the leakiness of the secrets and the intrusions from theorganization members always account for a large scale in the security problems. Toprevent this, it is extremely important to enhance the security audit procedure for usingprocess of the inner information in a system.Security audit is one of the most important parts in the field of information security.Firstly, it records everything faithfully and uninterruptedly including users'operationsand other activities happened both in the local computer system and related network.After the event, various means and technologies are used to analyze the data which hasbeen collected automatically. At last, the result can be employed as solid testimony totell the truth whether the information system has been cracked or some users deny theirown activities. Though this method is passive to the attackers in the network, it is agreat help to trace network crimes, and it also deters the stuff from doing the bad things.Therefore it is of great importance to study computer security audit technology.Be carefully analyzing the current accomplishment in the field of security audit, wepresents a possible architecture of security audit system based on Ukey which candeployed in network server in the paper. There are mainly three modules in the system:data collection module, analysis engine module and information publication module.Data collection module is designed for distributed network model, it may have severaldistributed audit collector. Analysis engine module is based on rule libraries to detectpotential security violation, find out the matching pattern, detect the security events, andrecord the security audit trail. Information publication module supplies review andquery of original audit data and audit alert trail to those authorized user. There are threeuser roles including common user, security administrator and system administrator withdifferent priority. Information publication is based on World Wide Web with audit alerttrail. |
PDF Full Text Request