
Log Auditing Techniques for Heterogeneous Data Sources Within the Network

Posted on: 2011-10-15
Degree: Master
Type: Thesis
Country: China
Candidate: J Wu
Full Text: PDF
GTID: 2208330305460124
Subject: Computer application technology

Abstract/Summary:
As information technology continues to progress, more and more important business and application systems are deployed on the intranet, and the threats posed by illegal events such as intrusion, attack, illegal operation and document disclosure are also increasing. Firewalls, anti-virus software and intrusion detection systems can effectively guard against conventional external attacks and vandalism, but they have difficulty detecting and preventing internal illegal operations and special attacks. Log audit can not only solve the detection problem but also provide a reliable basis for the management and technical measures that prevent such illegal behaviour.

Log audit is a hot spot in the field of intranet information security, and a number of log analysis tools already exist. These tools have drawbacks, however: each covers only certain aspects of the whole log audit process, and human intervention is needed to complete the analysis. More importantly, the continuing development of information technology requires a variety of applications and servers to be used on the intranet, and these generate logs that have no unified format. The existing tools can audit a limited number of log types from common systems, such as web or FTP logs, but they cannot audit logs of arbitrary types.

Aimed at the shortcomings of the existing tools, and based on the basic concepts of the log (the feasibility of log analysis, and the types and formats of logs), this dissertation designs a framework for integrated, heterogeneous-log-oriented log audit that is suitable for the logs generated by most systems on an intranet and that completes a comprehensive analysis of those logs. Following the designed framework and the whole course of the log audit, including log collection, encryption, transmission, analysis, alerting and management, this dissertation completes a prototype log audit system. Among the key technologies, this study focuses on the off-line log and on the comprehensive analysis of logs.
An off-line log is a log that is not collected in real time. A log collection agent can only collect logs in real time, so the purpose of the research on off-line logs is to achieve log collection, transmission and auditing in cases where installing a log collection agent is restricted. For the comprehensive analysis of logs, the longest common substring (LCS) method is used as an exploratory study. Building on log searching, LCS makes rational use of the correlation between different types of log to complete the comprehensive analysis. The results show that this method can select potentially questionable logs from the mass of logs, reducing human workload and improving efficiency.
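The following Python block is an added example, not code from the thesis, of the LCS-based cross-log correlation the abstract describes: a keyword search picks a seed line, and the longest common substring between that seed and lines from the other log sources ranks candidates, so a shared identifier such as a client IP surfaces as the common string. The three log formats, the sample lines, the timestamp-masking patterns, the same-source exclusion and the minimum-length threshold are all assumptions made here; the thesis does not specify them.

```python
"""Cross-log correlation with the longest common substring (LCS).

Added example, not code from the thesis. The three log formats, the sample
lines, the timestamp patterns and the threshold are all assumptions made here.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample logs keyed by source; each source uses a different format
# (sshd via syslog, Apache combined access log, vsftpd). Not real captures.
LOGS: Dict[str, List[str]] = {
    "sshd": [
        "Oct 14 22:13:07 srv1 sshd[2231]: Failed password for root from 192.168.107.45 port 51022 ssh2",
        "Oct 14 22:14:01 srv1 sshd[2240]: Accepted publickey for alice from 10.1.2.3 port 50012 ssh2",
    ],
    "web": [
        '192.168.107.45 - - [14/Oct/2011:22:13:05 +0800] "GET /admin/login.php HTTP/1.1" 401 523',
        '10.1.2.3 - - [14/Oct/2011:22:13:09 +0800] "GET /index.html HTTP/1.1" 200 1024',
    ],
    "ftp": [
        'Fri Oct 14 22:13:12 2011 [pid 3012] [jwu] FAIL LOGIN: Client "192.168.107.45"',
        'Fri Oct 14 22:15:40 2011 [pid 3015] [alice] OK LOGIN: Client "10.1.2.3"',
    ],
}

# Timestamps are masked before comparison; otherwise two lines written on the
# same host in the same minute share a longer substring than any identifier.
_TIMESTAMPS = [
    re.compile(r"\d{1,2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}"),  # 14/Oct/2011:22:13:05 +0800
    re.compile(r"(?:[A-Z][a-z]{2} )?[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?: \d{4})?"),  # Oct 14 22:13:07 / Fri Oct 14 ... 2011
]


def mask_timestamps(line: str) -> str:
    """Remove the known timestamp formats and collapse whitespace."""
    for pat in _TIMESTAMPS:
        line = pat.sub("", line)
    return " ".join(line.split())


def longest_common_substring(a: str, b: str) -> str:
    """Dynamic-programming longest common substring (contiguous, not subsequence)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def search(corpus: Dict[str, List[str]], keyword: str) -> List[Tuple[str, str]]:
    """Log searching step: pick seed lines by keyword (e.g. the alert an analyst starts from)."""
    return [(src, ln) for src, lines in corpus.items() for ln in lines if keyword in ln]


def correlate(corpus: Dict[str, List[str]], seed_source: str, seed_line: str,
              min_len: int = 7) -> List[Tuple[str, str, str]]:
    """Rank lines from *other* log types by the length of their LCS with the seed.

    min_len=7 is the length of the shortest dotted-quad IPv4 address, so a shared
    client address always clears it while format debris ("[", "d ") does not.
    Same-type lines are skipped because they share format boilerplate, not events.
    """
    seed = mask_timestamps(seed_line)
    hits = []
    for source, lines in corpus.items():
        if source == seed_source:
            continue
        for line in lines:
            common = longest_common_substring(seed, mask_timestamps(line)).strip()
            if len(common) >= min_len:
                hits.append((source, line, common))
    hits.sort(key=lambda h: len(h[2]), reverse=True)
    return hits


if __name__ == "__main__":
    for src, seed in search(LOGS, "Failed password"):
        print(f"seed [{src}] {seed}")
        for hit_src, line, common in correlate(LOGS, src, seed):
            print(f"  related [{hit_src}] via {common!r}: {line}")
```

Run stand-alone, the failed SSH login seed pulls in the 401 on /admin/login.php and the failed FTP login, both via the client address, while the lines for alice fall below the threshold. The O(n·m) table makes this fine for a seed against a day's logs but not for all-pairs comparison of a mass archive, and the threshold is tuned to the masked formats here, so a new log type needs its timestamp pattern added before its lines stop correlating on clock values.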
Keywords/Search Tags: Off-line log, Log audit, Longest common substring