| People's lives in modern society are profoundly changed due to information technology. There is also increasing emphasis on information security issues. However, people's attention is only focused on preventing external attacks, internal security is neglected. The information systems of government and company have important data stored, the internal staff's misuses and illegal operations toward the important data cause considerable losses to these organizations. In order to solve internal security problems, security audit system is proposed as a solution. Security audit system can record the user's actions and block the user's illegal operations in a timely manner. The log information can provide evidence for the computer forensics. Security audit system deters the staff from doing illegal operations and guarantees the internal security.This paper studies related technologies and standards of security auditing, designs and implements a security audit system for various types of applications. This security audit system mainly consists of three parts: data collection, data analysis and logging. Data collection objects include files, registries and processes, also include user's operation process toward applications and web system resources, achieve a comprehensive monitoring of user operations. Data analysis uses rule-based method. Auditors define the audit rules. Security audit system responses to illegal operations in accordance with audit rules. For user's operation process toward applications and web system resources, this paper proposes method of operation sequence auditing. Logging records the user's action, and provides evidences for the computer forensics. |
PDF Full Text Request