Design And Implementation Of Network Behavior Auditing System Oriented To Local Area Network

In recent years, with the rapid development of the Internet, more and more LANs access to Internet using Internet services. However, there are also potential safety problems hiding behind the convenient service that the Internet brings to people. If the network behavior of the LAN internal users can not be regulated,such as accessing to illegal sites or abusing of network resources and other behaviors will not only reduce work efficiency but also lead to LAN security risks, therefore providing a technical solution for post-analysis and accountability is in need. So it is of great practical significance to study the network behavior audit technology of local area network.There are several common technical solutions in the field of network security including data encryption, intrusion detection systems (IDS),antivirus tools and firewalls. But these technologies are focused on the Internet to solve security problems, the LAN level is slightly inadequate,and could not achieve the purpose of monitoring and tracing the LAN user network behavior.This paper studies the principles of current mainstream network behavior audit technology. On this basis, a protocol parsing algorithm based on TCP recombination and sensitive word matching is proposed.This paper starts from the characteristics of LAN network structure, and analyzes the principle of TCP packet capture, the process of TCP session and the format of application layer protocol, analyzes the related algorithms and techniques and proposes methods, then a recombination algorithm based on sequence number and hash table is used to recombine the TCP session, protocol resolution and text restore are used for web pages and emails. finally, an improved multi-character text matching algorithm is used to match sensitive words. Ultimately a network behavior audit system for web browsing and emails of users is designed.The system includes two software subsystems, the front-end web management subsystem adopts the SSH framework, the back-end data processing subsystem uses the multi-thread modularization design thought to guarantee the operating efficiency of the system.System software in the test environment is running in good condition,and has passed the test of the national authoritative software evaluation unit,and has some reference value to the same kind of audit system.