Research And Realization On Recording And Analysis Of Real-Time Event

With the growing application area of network, it aroused more and more attention about the potential safety hazard brought by using it. However, the traditional defense methods cannot satisfy the demands of modern information network. More network managers find they can do nothing when all kinds of security schemes face to destroy information changed quickly. Then recording and analysis of real-time event is put forth. This system abandons the old strategy that based on defense but less effective, carrying out the active information register instead of the passive defense. The important datum are saved timely and reliably.This system has two parts, recording and analysis. The recording system's main function is to record the system's process data, required memory of every process, which module is called when the process is started, sending and receiving datagram on network, the port's using condition, and so on. The analysis system's main function is to analyze datum which recorded in recording system, it can help autonomy regulation system make decisions.Firstly, this article analyzes related work about network security, then designs the whole recording and analysis of real-time event's framework combining network monitoring system, disaster recovery system and forensic computing system's advantage technology and function demand of system itself.Secondly, puts forward problems which should be considered in the whole design, for example, time synchronization and great capacity data storage. We also give solution for each problem. According to the whole recording and analysis of real-time event's framework, each module is detailed designed separately.Thirdly, the concrete implementation of each module is given. And according to the key tasks' running state, we implemented load's dynamic feedback mechanism. This can accord to each time's demand to adjust the interval to record datum.Finally, we used rough set theory to analyze datum, and use an attribute reduction algorithm based on improved genetic algorithm to reduce attribute and derive decision rules. Experiment results show that decision rules which are derived can reflect system's running state to some extent. It can help autonomy regulation system make decisions.