Netinfo Security ›› 2014, Vol. 14 ›› Issue (10): 70-76.doi: 10.3969/j.issn.1671-1122.2014.10.013


Research and Design of Security Audit Log System Based on Web Application

DUAN Juan1,2, XIN Yang1,2, MA Yu-wei1,2   

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
    2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing 100876, China
  • Received:2014-09-01 Online:2014-10-01 Published:2015-08-17

Abstract:

In recent years, as Web application technology has continued to advance, demand for Web application services has grown, and Web application security attacks have risen with it. The technical means available to attackers are endless at present, but existing defences are generally pre-detection and handling while an attack is in progress; the corresponding post-event detection receives less maintenance. A network center houses a large number of servers, and the Web log files on those servers record in detail the many events that happen on the equipment every day, such as client requests to the server and records of hacker intrusions into the site. Therefore, in order to manage the maintenance of equipment effectively and reduce the risk of attacks in a timely manner, analysing audit logs for later inspection and security maintenance of the equipment is necessary. On this basis, this paper mainly researches and designs a security audit log system based on Web applications. The log audit system consists of three subsystems: the log acquisition subsystem, the analysis engine subsystem and the log alarm subsystem. The log acquisition subsystem uses multi-protocol analysis to collect logs and performs the corresponding log normalization and de-duplication. The analysis engine subsystem uses a rule base and mathematical statistics methods to extract log features and set the appropriate statistical parameters, and then performs comparative analysis. The main tasks of the log alarm subsystem are to configure appropriate policies and present the audit results in a display interface, or to generate reports and send messages to users.
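The three-subsystem pipeline the abstract describes, as an added Python example that is not code from the paper: the acquisition stage normalizes two constructed log formats into one record shape and de-duplicates, the analysis engine applies a small rule base plus a per-client request-volume statistic (mean plus k standard deviations), and the alarm stage summarizes triggered rules per source for a report. The log formats, the rules and every sample line are assumptions made for this illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev
# Constructed sample logs in two formats (multi-protocol collection): Apache-style
# access lines and a hypothetical key=value app log. Not data from the paper.
APACHE = [
    '10.0.0.5 - - [01/Sep/2014:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Sep/2014:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Sep/2014:10:00:02 +0800] "GET /login.php?id=1%27%20OR%201=1 HTTP/1.1" 500 0',
    '10.0.0.7 - - [01/Sep/2014:10:00:02 +0800] "GET /about.html HTTP/1.1" 200 300',
]
KV = ['ts=2014-09-01T10:00:%02d src=10.0.0.9 method=GET path=/admin status=403' % s
      for s in range(3, 9)]
APACHE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                       r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
def normalize(line):
    """Acquisition subsystem: map each supported format to one record shape."""
    m = APACHE_RE.match(line)
    if m:
        return m.groupdict()
    if '=' in line:
        return dict(kv.split('=', 1) for kv in line.split())
    raise ValueError('unsupported log format: ' + line)

def collect(*sources):
    """Normalize every line and drop exact duplicates, preserving order."""
    seen, records = set(), []
    for rec in (normalize(line) for src in sources for line in src):
        key = tuple(sorted(rec.items()))
        if key not in seen:
            seen.add(key)
            records.append(rec)
    return records
# Rule base: signature checks on the request path (deliberately minimal).
RULES = [('sql_injection', re.compile(r"(%27|')(%20|\s)*or(%20|\s)+1=1", re.I)),
         ('admin_probe', re.compile(r'^/admin'))]
def analyze(records, k=1.0):
    """Analysis engine: rule matches plus a per-client request-volume statistic."""
    alerts = [{'rule': name, 'src': r['src'], 'path': r['path']}
              for r in records for name, rx in RULES if rx.search(r['path'])]
    counts = Counter(r['src'] for r in records)
    threshold = mean(counts.values()) + k * pstdev(counts.values())  # k sets sensitivity
    alerts += [{'rule': 'high_volume', 'src': src, 'count': n}
               for src, n in counts.items() if n > threshold]
    return alerts
def alarm(alerts):
    """Alarm subsystem: summarize triggered rules per source for a report."""
    return {src: sorted({a['rule'] for a in alerts if a['src'] == src})
            for src in {a['src'] for a in alerts}}
```

Calling `alarm(analyze(collect(APACHE, KV)))` yields one entry for 10.0.0.9 carrying all three rule names; the duplicate 10.0.0.5 line is dropped before any statistic is computed.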

Key words: log collection, multi-protocol collection, analysis engine, audit management
