
Research And Implementation Of Key Technology Of Application Security Audit

Posted on: 2011-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: X J Yang
GTID: 2178360302980111
Subject: Computer applications

Abstract/Summary:
With the spread of network applications and the development of enterprise informatization, network and information security problems have become more and more serious. Meanwhile, people have improved their understanding of network and information system security: they have widened and specified the concept of security from the initial firewall to intrusion detection, vulnerability scanning, and network security audit. As an important part of computer application security, security audit has drawn more and more attention. In particular, data mining based distributed application audit is one of the main research objects.

The research theme of this paper is the key technologies of an application security audit system. Generally, the target of a security audit is common operations, such as a violation that occurred on the network, a visit to certain files or web pages, or an intrusion on a certain target host. However, these audits all work at the network or operating system level and cannot go down to the level of operations inside the application system. Therefore, auditing of application system operations is especially needed, which makes this research innovative. The system design and development process requires the combined use of computer application system development skills, information system security knowledge, network services and so on, which also makes the work highly novel.

This paper first analyses the basic information about security audit systems, including the research status at home and abroad, the various auditing standards, and the general audit model. After that, it researches the related key technologies in an audit system, including the communication mechanism, log format unification technology, and distributed and data mining techniques. On this basis, the paper designs and implements an application based security audit system. It also presents the design philosophy and proposal, the system flow, the technical implementation of the system, and the application of the user interface.

Then, based on research into the basic ideas, algorithms and applications of Association Rules and Sequential Pattern mining, the paper presents an abnormal behavior detection model. In this model, it first establishes a database of normal user behavior using Association Rules and Sequential Patterns, and then judges whether the current pattern is abnormal by similarity algorithms (a whole-sequence algorithm and a correlation function algorithm).

The system this paper presents is mainly composed of four major function modules: the central console, the central log repository, the audit agent, and the distributed communication platform. The main task of the central console is to manage audit services and receive the audit events sent by the audit agent. The audit agent is designed to capture data, take charge of log filtering and formatting, and send events. The distributed communication platform provides the application based audit system with a cross-platform communication environment.
Keywords/Search Tags: Security Audit, Computer Security, Application Security Audit, Distributed, Data Mining