
Post-audit Based On Bayesian Network Technology Research And Implementation Of Security Log Audit System

Posted on: 2013-02-27 | Degree: Master | Type: Thesis
Country: China | Candidate: W P Yu | Full Text: PDF
GTID: 2218330371468094 | Subject: Communication and Information System
Abstract/Summary:
The main functions of the security log audit system are real-time security monitoring with automatic response after an event has occurred, and a second-pass audit that analyzes system access behavior to find attacks on and intrusions into the system. The post-audit module is the central module of the system, and its main purpose is to ensure system security and integrity. This work studies the overall system architecture and the design of a post-audit algorithm based on a Bayesian network.

The first part describes the branches of data mining technology and explains the various data mining techniques, and then, through an analysis of the security log audit system, gives the reason for selecting a classifier as the main technique of the post-audit process. It then introduces the basic concepts and background of Bayesian classifiers by analyzing several common Bayesian classifiers, in order to propose an appropriate Bayesian belief network model and algorithm for specific scenarios. The algorithm pre-processes the log information and divides it into sequences of common system calls; after a suitable Bayesian network structure has been constructed, a search algorithm scores each sequence based on the network structure. This method can ensure the completeness of the log analysis system and prevent the failure of the audit.

The last part of this article describes the design and implementation of the security log audit system. The main purpose of the security log audit system is to collect, aggregate, analyze and store logs in order to keep the internal network secure and stable, warn of hacker attacks and viruses, and report abnormal states of network operating systems and network equipment, so as to meet the security needs of network services. The article then describes the system design and, based on that design, the implementation of real-time audit, post-audit and data storage.
Keywords/Search Tags: security audit, post-audit, data mining, Bayesian network, system calls