
Research and Implementation of Real-Time Audit Technology in the Network Security Log Audit System

Posted on: 2011-11-21
Degree: Master
Type: Thesis
Country: China
Candidate: C Q Lv
Full Text: PDF
GTID: 2178360305968787
Subject: Communication and Information System
Abstract/Summary:
Real-time audit is the core component of the audit system. It performs pattern matching on log data according to rules pre-set by the user in order to detect and identify the subject of an attack and generate alarm information. This thesis studies the key technologies of pattern matching and rule searching in real-time audit and puts forward corresponding improved algorithms. Firstly, for pattern matching, the thesis researches and improves the Boyer-Moore algorithm and the Wu-Manber algorithm based on the characteristics of the network security log audit system, and correspondingly proposes BMLA, an improved single-pattern matching algorithm, and LSPWM, an improved multi-pattern matching algorithm. These achieve faster matching speed with the addition of minimal space overhead. Secondly, for rule searching, in order to improve search efficiency, the thesis proposes an adaptive rule base design method based on the idea of hierarchical conditions. When the rule tree is generated, the system time overhead increases by 27.6%, but the search speed rises by 38.2% when the rule base is searched. Finally, the thesis applies the above algorithms in the real-time audit module of the audit system and carries out extensive testing. The results show that these algorithms can greatly improve the real-time audit efficiency of the system.
Keywords/Search Tags:log audit system, real-time audit, pattern matching, LSPWM algorithm, BMLA algorithm, adaptive rule base