
Research On Technique Of The Network Security Audit Based On Log Data Mining

Posted on: 2010-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: S K Zhu
Full Text: PDF
GTID: 2178360275463019
Subject: Computer software and theory
Abstract/Summary:
With the rapid development and popularization of networks, the network has had a pervasive impact on politics, the economy, culture, the military and daily life. However, alongside the convenience of the internet come many security issues. Network security audit technology is regarded as one of the important pillars of network security technology, together with anti-virus, firewalls and intrusion detection. In contrast to intrusions from outside the network, abnormal operations by internal network users are not easily discovered and can cause more damage. Therefore, data mining technology is used to analyze network security logs and reveal association rules of user behaviour, so that illegal behaviour can be audited and identified to ensure network security.

This thesis carries out research on network security audit and related issues, and discusses the following points:

1. The thesis first introduces the research background and significance of network security audit systems and expounds the current state of research worldwide. Network security audit is one of the important components of network security technology. Foreign experts first put forward the idea of applying data mining technology to security audit; in this field our country has also carried out a substantial amount of research, and some models that achieve good detection results are given as well. However, in environments with large amounts of data, how to find a data mining algorithm that uses less memory with higher efficiency, in accordance with the characteristics of user log records, to extract the frequent patterns of user behaviour still needs further study.

2. It studies the common crucial technologies of a network security audit system, expounds log acquisition technology, security protection technology and association rule mining technology, and proposes an updated algorithm for quantitative association rules in log mining for the audit system. On the basis of system security architecture and technical feasibility, a security model for log records is proposed according to the characteristic that log records can be read but not changed (neither deleted nor amended). This model is a layered architecture, from low to high security level, in which each level is given a viable solution; it therefore provides a reference for methods of protecting log records. When quantitative association rules are applied to log records to mine user behaviour, the frequent predicate sets meeting the minimum confidence level must first be found, and the grid-based method is commonly used for this. However, this method occupies a large amount of memory when applied to audit log records. In this thesis, a binary sort tree data structure is used to find the frequent predicate sets, and this improvement reduces the memory space occupied.

3. The thesis describes a complete system architecture aimed at the system design objective, presents the workflow design of the system modules, and gives its implementation. The system uses all of the technologies above to realize network security audit of user behaviour. It notifies the security auditor in various ways, such as a pop-up dialog box, e-mail or a warning alert, according to the danger level of the user's abnormal behaviour. Audit rules can be added both automatically and manually, which increases the system's flexibility.

4. Finally, the thesis verifies the above quantitative association rule algorithm for log mining on the network security audit system and obtains a successful result.
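As an added illustration (not the thesis's own code), the following Python sketch follows the approach of point 2: log records are discretised into interval predicates, a binary sort tree keyed on sorted predicate tuples counts candidate predicate sets in one pass over the log, frequent sets above a minimum support yield quantitative association rules, and records that satisfy a rule's antecedent but break its consequent are flagged for the auditor. The record values, band thresholds and the support/confidence thresholds are constructed assumptions.

```python
from itertools import combinations
# Constructed user-behaviour log records (hypothetical sample, not real audit data).
LOG_RECORDS = [
    {"user": "alice", "op": "download", "hour": 9, "bytes": 4000},
    {"user": "alice", "op": "download", "hour": 10, "bytes": 6000},
    {"user": "alice", "op": "download", "hour": 14, "bytes": 5000},
    {"user": "alice", "op": "download", "hour": 23, "bytes": 90000},
    {"user": "bob", "op": "login", "hour": 8, "bytes": 100},
    {"user": "bob", "op": "login", "hour": 9, "bytes": 100},
]

def discretise(rec):
    """Quantitative fields become interval predicates (attribute, band), sorted for stable keys."""
    hour = "night" if rec["hour"] < 7 or rec["hour"] >= 22 else "day"
    size = "large" if rec["bytes"] >= 1000 else "small"
    return sorted([("user", rec["user"]), ("op", rec["op"]), ("hour", hour), ("bytes", size)])
def bst_insert(node, key):
    """Binary sort tree keyed on predicate tuples; node = [key, count, left, right]."""
    if node is None:
        return [key, 1, None, None]
    if key == node[0]:
        node[1] += 1
    else:
        side = 2 if key < node[0] else 3
        node[side] = bst_insert(node[side], key)
    return node
def bst_items(node):
    """In-order walk: (key, count) pairs in sorted key order."""
    if node:
        yield from bst_items(node[2])
        yield node[0], node[1]
        yield from bst_items(node[3])

def frequent_predicate_sets(records, min_support, max_len=2):
    """One pass over the log: count every predicate combination of size <= max_len."""
    root = None
    for rec in records:
        for k in range(1, max_len + 1):
            for combo in combinations(discretise(rec), k):
                root = bst_insert(root, combo)
    return {k: c / len(records) for k, c in bst_items(root) if c / len(records) >= min_support}

def mine_rules(freq, min_conf):
    """X -> Y rules from frequent pairs; confidence = support(X,Y) / support(X)."""
    return {(x, y): round(sup / freq[(x,)], 3)
            for pair, sup in freq.items() if len(pair) == 2
            for x, y in (pair, pair[::-1]) if sup / freq[(x,)] >= min_conf}

def audit(records, rules):
    """Indices of records that satisfy a rule's antecedent but break its consequent."""
    preds = [set(discretise(r)) for r in records]
    return [i for i, p in enumerate(preds) if any(x in p and y not in p for x, y in rules)]
```

With the sample data and thresholds of 0.3 support and 0.7 confidence, the night-time download (record 3) is the only record flagged, because it breaks rules such as user=alice -> hour=day.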
Keywords/Search Tags: Network Security Audit, Quantitative Association Rules, Data Mining, log