
Network Data In A Distributed Security Audit Log Collection And Implementation

Posted on: 2007-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: W L Zhang
GTID: 2208360185456494
Subject: Computer application technology
Abstract/Summary:
As the Internet develops more and more quickly, the computer network is becoming more and more important in national informatization and economic development. As a result, however, the network has become a target of attack. On the other hand, most existing security products emphasize the prevention of outside intrusion, and the behavior of insiders is less considered. It is against this background that the Network Security Foundation Lab of UESTC began to research network security technology.

Our research project is a national science and technology basic condition platform construction project of the Ministry of Science and Technology. This paper researches security audit techniques that watch and track actions in network information systems, and develops audit tool software. On the basis of this technology research, we will establish technology standards with our own intellectual property, so that we can enhance network recovery capability to protect important computer information systems.

So far, we have completed network datagram collection on a single computer, decoded the IP, TCP, UDP, and HTTP protocols, and researched the architecture and communication framework of the distributed security audit system. The main content is as follows:

1. Researched the TCP/IP protocols in order to decode them;
2. Researched the communication mechanism of the multi-agent system, with emphasis on KQML and XML;
3. Researched CORBA;
4. As for the architecture of the distributed security audit system, through research on the previously proposed model, we have some new ideas: using agent technology and CORBA in the former architecture, and we think the database in this system should be managed separately.
Keywords/Search Tags:distribution, security audit, agent, raw socket