Currently, the security audit approaches used by log security audit systems fall into two categories: unstandardized processing and standardized processing. The main difference is whether the logs are normalized. The first approach processes unstandardized logs: the system does not clean, deduplicate or otherwise treat the logs, but writes the collected log data directly to the storage terminal, so the system stores a large number of unnecessary and even duplicate logs. In addition, audit log analysis wastes system performance, because the log formats are not unified (that is, they are diverse) and the system must allocate resources to identifying each log format. The second approach processes standardized logs: the collected logs are converted to a unified format and stored, which optimizes log storage and eases analysis by the log audit system; but when a user or administrator wants to view the raw (that is, non-normalized) logs, the device logs must be captured again. Furthermore, the rule base of existing log audit systems is built with an improved Apriori algorithm, which must re-scan the logs every time a frequent itemset is generated, so it is far less efficient than an immune genetic algorithm.

To solve the above problems, this work researches and designs a Web-application-based log security audit system. The main work includes the following aspects:

(1) Propose an immune genetic algorithm based on strong association rules to extract log rules. The rule base can be updated freely through memory cell differentiation and antibody promotion and suppression, and more accurate log rules are derived from strong association rules according to minimum support and confidence.

(2) Design the log audit system, which consists of three subsystems: the log acquisition subsystem, the analysis engine subsystem and the log alarm subsystem. Log acquisition uses distributed deployment and standardized log processing to improve on traditional centralized log collection and reduce the load on log-shipping communications; the analysis engine uses the improved algorithm from (1).

(3) Implement the system in Python and C++.

(4) Test the system with black-box testing methods. The test results show that the system solves the problems of distributed log collection deployment and of efficiently extracting and updating logging rules from large volumes of data, among other issues.
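As an added illustration (not code from the thesis), the following Python script shows the two steps the abstract relies on: normalizing heterogeneous log lines into one schema, and then extracting strong association rules that satisfy a minimum support and minimum confidence. The log lines, field names and the single-pass pair counting are constructed for this example; the immune genetic algorithm itself is not implemented here.

```python
"""Added example (not the thesis's own code): normalise a few constructed
heterogeneous log lines into one schema, then mine strong association rules
(minimum support / confidence) from the normalised records in a single scan."""
import re
from collections import Counter
from itertools import combinations

# Constructed sample lines in two formats: syslog-style sshd and a web access log.
RAW_LOGS = [
    "Mar 10 10:01:02 host1 sshd[1]: Failed password for root from 10.0.0.5",
    "Mar 10 10:01:05 host1 sshd[1]: Failed password for root from 10.0.0.5",
    "Mar 10 10:01:09 host1 sshd[1]: Accepted password for alice from 10.0.0.7",
    '10.0.0.5 - - [10/Mar/2024:10:02:00 +0000] "GET /admin HTTP/1.1" 401 0',
    '10.0.0.5 - - [10/Mar/2024:10:02:03 +0000] "GET /admin HTTP/1.1" 401 0',
    '10.0.0.7 - - [10/Mar/2024:10:02:10 +0000] "GET /index HTTP/1.1" 200 512',
]
SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ (?P<app>\w+)\[\d+\]: (?P<msg>.*)$")
ACCESS = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3})')

def normalise(line):
    """Map one raw line onto the unified schema; None for an unknown format."""
    m = SYSLOG.match(line)
    if m:
        outcome = "fail" if m["msg"].startswith("Failed") else "ok"
        return {"src": "src=" + m["msg"].rsplit(" ", 1)[-1],
                "app": "app=" + m["app"], "outcome": "outcome=" + outcome}
    m = ACCESS.match(line)
    if m:
        outcome = "fail" if m["status"][0] in "45" else "ok"
        return {"src": "src=" + m["src"], "app": "app=web", "outcome": "outcome=" + outcome}
    return None

def strong_rules(records, min_support, min_confidence):
    """Count 1- and 2-item sets in one scan, then keep rules A -> B with
    support(A,B) >= min_support and support(A,B)/support(A) >= min_confidence."""
    counts = Counter()
    for rec in records:
        items = sorted(rec.values())
        counts.update(items)                    # single items
        counts.update(combinations(items, 2))   # sorted 2-item sets
    n, rules = len(records), {}
    for pair, c in counts.items():
        if not isinstance(pair, tuple) or c / n < min_support:
            continue
        for a, b in (pair, pair[::-1]):         # both rule directions
            conf = c / counts[a]
            if conf >= min_confidence:
                rules[(a, b)] = (round(c / n, 2), round(conf, 2))
    return rules
```

Running `strong_rules([r for r in map(normalise, RAW_LOGS) if r], 0.5, 0.9)` on the constructed lines yields only the rules linking `src=10.0.0.5` and `outcome=fail` in both directions, each with support 0.67 and confidence 1.0, because that source fails in all four of its events across both log formats.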