| With the development of Internet, the network security gradually becomes the key question which Internet and each network service and the application further develop.The traditional method is carrying on the safe reinforcement to the operate system, enhances the system itself anti-aggressivity through various security patch, such as intrusion detection technology. The audit-trail technology is one of the most important parts in the field of information security.Firstly, it records everything faithfully and uninterruptedly including users' operations and other activities happened both in the local computer system and related network.This article introduced the knowledge about information security, and carried out a deep study to audit track technology. According to safe system's design philosophy, the paper designed one architecture model of audit-track system which can gathers the network information and analysis it.The system included four modules: data collection,data analysis, system management and information release. The data collection module was based on the technology of SMNP-RMON data collecting acts,it collected the mainframe and network log from many collection points. The data analysis module was based on the BPF model network information filters mechanism,it matched and analyzed the origin audit data according to the rule library based on the rule library and statistics. To ensure the log's security,the system introduced high-speed slows down mechanism in the log storage. The module detected all kinds of events and gets the audit track record. The system management and information release module provided the reports about audit record according to different users;what's more, we managed the parameters in this module too. |
PDF Full Text Request