| With the rise of cloud computing and the popularity of cloud desktops, more and more enterprises and individuals are moving desktop services to the cloud. While cloud desktops bring convenience, their security problems cannot be underestimated. To deal with serious insider threats, the operation behavior on cloud desktops must be audited. The operation behavior data of a Windows graphical cloud desktop is image data. Most existing audit schemes require installing an agent for monitoring, or recording the screen for after-the-fact audit, which cannot meet the lightweight, automated and real-time requirements of audit work. Aiming at the security audit problem faced by graphical cloud desktops, this paper designs and implements an operation behavior audit scheme based on Optical Character Recognition (OCR) technology, which collects, recognizes and audits images of user operations on a proxy server. It does not need any agent software installed on the remote cloud host; it is a non-intrusive, lightweight audit scheme. The system is divided into a cloud desktop operation image acquisition module, an operation behavior recognition module based on OCR technology, a security audit module based on big data analysis, and a message publishing/subscribing module. For the image acquisition module, Guacamole is used to build a remote desktop service gateway, which gives users access to the remote cloud desktop and captures image data of their operation behavior on the gateway in real time. For the operation behavior recognition module, deep-learning-based OCR is used, with self-implemented text detection and text recognition models trained on the constructed data set; the recognition rate reaches 91.4%. The module automatically recognizes the text in the images and converts image information that a computer cannot process automatically into text, from which the operation behavior log is constructed. For the security audit module, audit rules are formulated for system operations, operation and maintenance (O&M) operations and file editing operations, and the operation behavior log is analyzed with the Storm real-time computing framework. Events that hit audit rules trigger an e-mail alarm, and the alarm rate reaches 74%. The modules of the system are connected through the message publishing/subscribing module, which gives low coupling and high stability. This system addresses the weakness of security auditing in covering graphical operations, and enhances the ability to monitor business operation risk, give early warning, analyze, and trace events after the fact. Both function and performance achieve the expected results. |
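
The audit step described above, matching rules against an OCR-derived operation behavior log, shown as an added example that is not code from the paper. The rule keywords, the sample records and the glyph-folding step that tolerates OCR misreads are all assumptions of this example.

```python
import re

# Glyph pairs OCR often confuses, folded to one character (assumed set).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "|": "l", "i": "l", "5": "s"})

# Hypothetical rules, grouped by the three categories the abstract names.
RULES = {
    "system_operation": ["net user", "Registry Editor"],
    "om_operation": ["Stop-Service", "shutdown /s"],
    "file_editing": ["hosts - Notepad"],
}

# Constructed OCR output, one record per recognized screen region.
RECORDS = [
    {"ts": "10:00:01", "user": "alice", "text": "C:\\> net u5er backup /add"},
    {"ts": "10:00:07", "user": "alice", "text": "hosts - N0tepad"},
    {"ts": "10:01:30", "user": "bob", "text": "Inbox - Outlook"},
    {"ts": "10:02:12", "user": "bob", "text": "PS> St0p-Service Spooler"},
]

def normalize(text, fold=True):
    """Lowercase and strip whitespace; optionally fold confusable glyphs."""
    text = text.lower()
    if fold:
        text = text.translate(CONFUSABLE)
    return re.sub(r"\s+", "", text)

def audit(records, rules=RULES, fold=True):
    """Return (ts, user, category) for every record that hits a rule."""
    compiled = [(cat, normalize(kw, fold)) for cat, kws in rules.items() for kw in kws]
    alerts = []
    for rec in records:
        seen = normalize(rec["text"], fold)
        for cat, kw in compiled:
            if kw in seen:
                alerts.append((rec["ts"], rec["user"], cat))
                break  # one alert per record is enough to raise an alarm
    return alerts

if __name__ == "__main__":
    for alert in audit(RECORDS):
        print("ALERT", *alert)
    print("without folding:", audit(RECORDS, fold=False))
```

Folding is applied to both the rule keyword and the recognized text, so a misread such as `u5er` still hits the rule, at the cost of some extra false positives from the looser match.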