Design And Implementation Of Network Audit Service System

Since the beginning of the 21 st century,based on the widespread application of 802.11 protocol-stack WiFi network in commercial and domestic environment,cyberspace has become an important place for social activities and business contacts with the rapid development of China's Internet.Moreover,traditional supervision means are no longer applicable to the network environment.Therefore,the importance of network information security is increasingly prominent.In order to meet the needs of network information security and network supervision,this task is going to design and realize a Network Audit Service System based on Internet security protection technology that measures according to No.82 Regulations for Internet Security Protection Technology Measures of the Ministry of Public Security Order of the PRC.The system aims at the field of wireless public WiFi network services from the perspective of network service providers.This paper will elaborate the design and realization ways of the Network Audit Service System,including the overall requirements analysis,classification of system function,realization of module function,comparison of performance test and practical application effects.Firstly,the system takes the data review requirements of the network supervision department as the background.It takes the embedded network device as the hardware platform for the system operation and takes the Linux system as the development environment to build the WiFi network as the test scene,realizing that the terminal users can identify the user's identity information and online behaviors in real time.The system is divided into three modules according to its functions: identification module,audit module and communication module.The three modules are mutually independent,achieving the high-cohesion and low-coupling design.The identification module,based on the realization of Web identification technology,provides an identity recognition service for the terminal users within the coverage of the public WiFi network.The auditing module,based on the realization of Deep Packet Inspection(DPI),provides a service of recording on-line behaviors for terminal users within the coverage of the public WiFi network.The communication module,bases on the realization of private communication protocol according to UDP protocol,mainly includes socket and netlink.It is used for the audit data among modules or between the device and the server.This paper will make detailed design for each functional module,discuss the adopted technical schemes,draw the sequence diagram related to business logic and gives the realization of partial programming.The comparison test of the actual scenes will also be visually presented in the form of a chart or others.The system has been put into use at present,providing a network auditing solution with strong portability and high operational stability for the network equipment manufacturers.The security gateway that integrates the Network Audit Service System has passed the equipment inspection of the Information Security Product Testing Center and the Computer Information System Security Product Quality Supervision and Inspection Center of the Ministry of Public Security,and it has also obtained relevant certificates of special products for computer information system security.Under the premise of ensuring the secure access to the Internet by terminal users,the security gateway can not only save network deployment costs for network service providers,but also serve national network security strategies and cyberpower construction.