| With the rapid growth of the Internet and the acceleration of modernization in China, network security has become more critical than ever, and it is urgent to establish a network security assurance system. However, the popular technologies emphasize the prevention of outside intrusion and give less consideration to the behavior of insiders. Auditing systems can prevent and discover inside misuse by recording and checking system events, so it is meaningful to study security audit technology. Based on a practical project, this paper studies the technologies related to security auditing and discusses the architecture and realization of NBAMS (Network Behavior Auditing and Monitoring System). The main content is as follows: 1. The basic concepts of network security, including the security model, evaluation criteria and common methods, are introduced. The concept and function of security audit are discussed. The model and categories of security audit are studied. 2. The architecture of a security audit system is studied. The characteristics of both centralized and distributed configurations are analyzed. The communication mechanism of the system is studied. The IDMEF (Intrusion Detection Message Exchange Format) and IDXP (Intrusion Detection Exchange Protocol) put forward by the IDWG (Intrusion Detection Work Group) are analyzed. The communication mechanism of the IETF (Internet Engineering Task Force) is also studied. The concept of the Agent and its application in the security audit system are presented. Then the sources of audit information are analyzed from the aspects of host, network and other ways. Intelligent analysis technology is investigated. Finally, an API-substitution technique is put forward for auditing user behavior independently on Windows. 3. As a practical system, the NBAMS is designed and realized.
The functional and module design is briefly described and the specific realization of the log auditing module is presented. The system has achieved the expected goal and has passed the test of the China Public Security Department. |