The Design And Implementation Of Military Webim Tool Audit System

As the Web IM(Webpage Instant Message) tools being used in military network, we need to audit the Web IM users’ behaviors and communication contents. This paper constructs an audit system in order to meet the audit demand for military Web IM tools.Firstly, the paper discusses the development status of network information security audit and Web IM tools. Then it discusses the Linux system kernel loading function, netfilter architecture which based on Linux and netfilter architecture routing. It designs a military network Web IM tools audit system which is mainly composed of audit drive module, application layer audit module, data storage module and management module. The audit drive module works in inner nuclear layer. It mainly completes the following tasks, that are capturing and recognition Web IM date packets, sending the data packets to the application layer audit module. In order to get the current packet behavior and content, application layer audit module receives the data packets sent from audit drive module, and carries out multiple patterns matching according to a specific Web IM and http data types. Then it submits formatting information to the data storage module. The network administrators can query the data through the interface which is provided by the data of the memory module.The paper focuses on designing the audit drive module and application layer audit module. Audit drive module uses BM algorithm to solve the problem of data identification pattern matching, the Linux kernel connection tracking mechanism to solve data packet marking, the netlink mechanism to solve the communication between the kernel and application layer. Through wireshark, application layer audit module studies the typical communication process in web qq, concludes the Web IM tools communication general rules. Then it stores the rules as configuration file. The paper describes how to realize the data identification and classification. Finally, the audit system is implemented and tested in military network environment. The experimental results show that, military network Web IM tools audit system can complete auditing the Web IM users’ behaviors and the communication contents.