Nowadays, computer technology is applied in more and more fields, and all kinds of information systems (databases, operating systems, communication networks and so on) store more and more important information. Their security is a complex and extensive problem, and the constant occurrence of network attacks has made information security a topic of increasing concern. As the basis of computer software, research on the security mechanisms of the operating system lays a foundation for solving many information security problems. Security audit is one of these operating system security mechanisms: it monitors and analyzes security events to maintain the security of the operating system. To ensure the security of the system, the security monitoring system needs to record, inspect and analyze the security events that occur in it. Its main purpose is to let users grasp the operational status of the system, abstract the user's behavioral intent from the underlying concrete operations, and detect and prevent illegal operations. The goal of the microkernel architecture is to minimize the kernel and move other system services (e.g., the file system, the network stack, etc.) into user space outside the kernel, thereby increasing system reliability, maintainability and security. The purpose of this study is to design a security monitoring system for a microkernel operating system that records the system status in real time and detects potential hazards through analysis of the system logs. The main research work of this thesis is as follows:

(1) This thesis studies the basic theory of security auditing, analyzes domestic and foreign security standards for information system evaluation and their specific requirements for auditing, combines this knowledge of security auditing with knowledge of the kernel, and proposes the design of a security monitoring system for the microkernel operating system developed by the team. The design is divided into three parts: a logging module, an auditing module and an intrusion detection module. Following the overall architecture model, the key issues addressed by each module are introduced in detail, and solutions are given for the setting of audit points, audit events, audit content and audit rules, so as to provide security for the Mginkgo microkernel operating system developed by the team.

(2) In the intrusion detection module, an intrusion detection method is proposed that uses a clustering algorithm to abstractly characterize the interaction interfaces according to the behavioral similarity of the corresponding system calls. After this semantic similarity information has been extracted, three classification algorithms, random forest, SVM and multinomial naive Bayes, are used to determine whether a behavior is abnormal, which improves the detection accuracy to a certain extent; the model with the best results among them is selected for the intrusion detection module, which improves the detection efficiency of the system.
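The two-stage detection idea in point (2), as an added illustration that is not the thesis's code or the Mginkgo project's code: system calls are first clustered by a behaviour descriptor (so calls that "do the same kind of thing" share an abstract label), each trace is then reduced to counts of adjacent cluster pairs, and a multinomial naive Bayes classifier decides whether the trace is normal or abnormal. The syscall descriptors, the training traces and their labels are all constructed sample data; the k-means and naive Bayes implementations are plain-Python stand-ins for whichever library models the thesis used, and the random forest and SVM alternatives it also evaluates are not reproduced here.

```python
"""Syscall-behaviour clustering followed by multinomial naive Bayes.

Illustrative stand-in (not the thesis's implementation). Every syscall
descriptor, trace and label below is constructed for the example.
"""
import math
from collections import Counter

# Constructed behaviour descriptor per system call:
# (touches filesystem, touches network, process control, transfers data)
SYSCALL_FEATURES = {
    "read": (1, 0, 0, 1), "write": (1, 0, 0, 1), "open": (1, 0, 0, 0), "close": (1, 0, 0, 0),
    "recv": (0, 1, 0, 1), "send": (0, 1, 0, 1), "connect": (0, 1, 0, 0), "socket": (0, 1, 0, 0),
    "fork": (0, 0, 1, 0), "execve": (0, 0, 1, 0), "kill": (0, 0, 1, 0),
}

# Constructed, labelled training traces (syscall names in call order).
TRAINING = [
    (["open", "read", "write", "close"], "normal"),
    (["open", "read", "read", "close"], "normal"),
    (["socket", "connect", "send", "recv", "close"], "normal"),
    (["open", "write", "close", "socket", "send"], "normal"),
    (["fork", "execve", "open", "read", "close"], "normal"),
    (["socket", "recv", "fork", "execve"], "abnormal"),
    (["recv", "fork", "execve", "kill"], "abnormal"),
    (["socket", "recv", "recv", "fork", "execve"], "abnormal"),
]


def _sqdist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, rounds=50):
    """Deterministic k-means: farthest-point seeding, then Lloyd iterations.
    Returns the cluster index of every point."""
    centroids = [points[0]]
    while len(centroids) < k:  # pick the point farthest from all chosen centroids
        centroids.append(max(points, key=lambda p: min(_sqdist(p, c) for c in centroids)))
    assignment = [-1] * len(points)
    for _ in range(rounds):
        new = [min(range(k), key=lambda c: _sqdist(p, centroids[c])) for p in points]
        if new == assignment:
            break
        assignment = new
        for c in range(k):
            members = [p for p, a in zip(points, assignment) if a == c]
            if members:
                centroids[c] = tuple(sum(col) / len(members) for col in zip(*members))
    return assignment


class MultinomialNB:
    """Multinomial naive Bayes over feature-count dictionaries, Laplace smoothed."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha

    def fit(self, docs, labels):
        self.classes = sorted(set(labels))
        self.log_prior = {c: math.log(labels.count(c) / len(labels)) for c in self.classes}
        totals = {c: Counter() for c in self.classes}
        self.vocab = set()
        for doc, lab in zip(docs, labels):
            totals[lab].update(doc)
            self.vocab.update(doc)
        self.log_prob = {}
        for c in self.classes:
            denom = sum(totals[c].values()) + self.alpha * len(self.vocab)
            self.log_prob[c] = {f: math.log((totals[c][f] + self.alpha) / denom) for f in self.vocab}
        return self

    def predict(self, doc):
        scores = {}
        for c in self.classes:
            s = self.log_prior[c]
            for f, cnt in doc.items():
                if f in self.vocab:  # features never seen in training carry no evidence
                    s += cnt * self.log_prob[c][f]
            scores[c] = s
        return max(self.classes, key=scores.get)


class SyscallAnomalyDetector:
    """Stage 1: cluster syscalls by behaviour. Stage 2: classify cluster-bigram counts."""

    def __init__(self, k=3, alpha=1.0):
        self.k, self.alpha = k, alpha

    def fit(self, traces, labels):
        names = list(SYSCALL_FEATURES)
        self.cluster = dict(zip(names, kmeans([SYSCALL_FEATURES[n] for n in names], self.k)))
        self.nb = MultinomialNB(self.alpha).fit([self._features(t) for t in traces], labels)
        return self

    def _features(self, trace):
        ids = [self.cluster[s] for s in trace]          # abstract each call to its cluster id
        return Counter(zip(ids, ids[1:]))               # counts of adjacent cluster pairs

    def predict(self, trace):
        return self.nb.predict(self._features(trace))


def build_detector():
    traces, labels = zip(*TRAINING)
    return SyscallAnomalyDetector().fit(list(traces), list(labels))


if __name__ == "__main__":
    det = build_detector()
    print("clusters:", det.cluster)
    for trace in (["open", "read", "write", "close"], ["socket", "recv", "fork", "execve", "kill"]):
        print(trace, "->", det.predict(trace))
```

With the constructed descriptors the clustering stage recovers three behaviour classes (file, network, process control), so a network-receive followed by process creation becomes a single "network then process" bigram that the classifier can weigh regardless of which specific calls were used. Real traces from an audit log would replace the constructed ones, and the cluster count k would be chosen against a held-out set.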