
Design And Implementation Of Net-Audit System Based On Realname Management

Posted on: 2011-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: D F Luo
Full Text: PDF
GTID: 2178360308962602
Subject: Software engineering
Abstract/Summary:
"Network crime" can no longer be ignored in the information security field. Operating beyond one's authority, misusing or leaking important information, or publishing illegal remarks on the Internet can seriously damage enterprises and society, and can even undermine national security. A net-audit product that records users' network operations in detail is therefore of great significance. Such products are gradually being adopted by enterprises and institutions as the security authorities mandate them. However, most current net-audit products have the following problems:

1. Poor performance: The net-audit system is weak at sniffing and data analysis. Most current products can process network packets normally only at bandwidths of no more than 100 Mbps, so they cannot keep up with the rapid growth of networks.
2. High cost: To handle high-traffic networks, audit products use a Network Services Accelerator (NSA), a Data Acquisition Divider Unit (DADU) and other hardware that improves packet sniffing and analysis performance, which inevitably drives up cost.
3. Anonymous audit records: Audit records are tied to IP and MAC addresses, not to a natural person. Especially when several people share a computer, it is hard to determine who was responsible even when illegal behavior is found.
4. Lack of audit record analysis: These products output large numbers of raw behavior records but do not process and analyze them so as to relate them to the user's virtual identity.

To address these weaknesses in most current net-audit products, this thesis studies in depth the key technologies of the fast packet channel (FPC) and develops an FPC packet-capturing engine based on Direct Memory Access (DMA). The engine modifies the network card driver of an ordinary hardware platform to improve sniffing performance, thereby reducing cost and raising the processing performance of the audit product so that it can run effectively on high-traffic networks. To implement real-name identification, a Windows Active Directory server was set up and every user was assigned an account. Different people are assigned different Internet access policies. The system synchronizes with the Windows Active Directory server and associates user information with Internet behavior records, so that network behavior is recorded under real names. Finally, a virtual identity subsystem was built. The subsystem uses data mining to analyze the raw net-audit records and build a virtual identity information database, thereby strengthening the real-name-based net-audit system.

This thesis describes the design of the main framework of the net-audit system in detail. The system has been developed and put into commercial use. Testing and operation indicate that the system is stable and runs perfectly in various kinds of networks.
Keywords/Search Tags: Real name management, Network sniff, Net-audit, Protocol Analysis