Institute of Software, Chinese Academy of Sciences Institutional Repository (ISCAS OpenIR)
Title: Design and Implementation of the Central Log Auditing Subsystem of an Application Proxy Firewall (应用代理防火墙中央日志审计子系统的设计与实现)
Author: 张双 (Zhang Shuang)
Defense date: 2001
Major: Computer Application Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: Doctoral
Keywords: firewall; log audit analysis; session reconstruction; log data; log information; knowledge base; relational database
Abstract: This thesis gives a complete account of the design and implementation of the central log auditing subsystem of an application proxy firewall. The goal of the central log auditing subsystem is to monitor the operation of the firewall system, accurately capture the system's behavior and state, dynamically discover security hazards, issue early warnings for suspicious situations, evaluate the reliability and effectiveness of the firewall system, and assist the system administrator in refining the system configuration, thereby greatly reducing the difficulty of managing the firewall system. The strength of this system is that it not only performs all of the log audit and analysis functions of the firewall system well, but also implements the extended functions of remote logging and centralized management of distributed firewall systems, which is of considerable practical significance. In the introduction, I first briefly describe the main firewall technologies and their working principles, with emphasis on the advantages and characteristics of application proxy technology, and then point out the important position the log auditing subsystem occupies in the firewall architecture. The application proxy firewall system is the object that the central log auditing system is designed to strengthen. The design and implementation of the system adopt the Client/Server computing model, with the central log auditing system acting as the service provider for multiple firewall systems. Besides the functional requirements, the performance of the central log auditing system is a key consideration in design and implementation. In Chapter 2, I set out the system goals and architecture and specify the performance targets the system must reach at run time; how those targets are achieved is described in detail in each of the following chapters. Implementing the system involves two major areas: the collection and transmission of the firewall system's log data, and the central log audit itself. Chapter 3 covers the firewall-side part, including defining the principles and methods of log representation, selecting audit points, and implementing encrypted transmission of log data. The central log audit part is further divided into a server side and a human-computer interaction part. The server side is mainly responsible for receiving, filtering, decrypting and storing remote log data, analyzing the raw log data in the background in real time, generating an intermediate-result database, and raising alarms for dangerous situations according to the knowledge base; in addition, it must support configuration of the knowledge base and of the server itself. The design and implementation of the server side are presented in Chapter 4. Chapter 4 also describes the human-computer interaction part, including convenient and friendly query facilities, a vivid and intuitive display of the firewall's operating state, and feasible solutions proposed for security hazards. Chapter 5 summarizes the thesis and discusses future work.
English abstract: This paper addresses the design and implementation of the central log auditing subsystem for an application proxy firewall. The tasks of the central log auditing subsystem are to monitor the behavior of the firewall system, to obtain its actual running state, to find hidden trouble dynamically, to give an alert when a suspicious security problem is detected, to assess reliability and validity, to assist the administrator in updating the configuration, and to reduce management difficulty. The central log auditing subsystem not only implements all basic functions of a firewall log auditing system successfully, but also adds many extended functions such as remote logging and central management for distributed firewall systems. In the introduction chapter, I present an overview of firewall technologies and theories, put some emphasis on the strong points and features of application proxies, which my system is intended to enhance, and point out the position of the log auditing subsystem in the whole firewall architecture. The central log auditing subsystem adopts the Client/Server mode and provides services for several firewall systems. Besides the functional requirements, performance is an important aspect of the design and implementation. In the second chapter, I address the system target and architecture, and bring forward the running performance demand. The detailed methods used to reach that requirement are discussed in the following chapters. The system consists of two main parts, i.e. collection and transmission of firewall log data, and central log auditing and analysis. Chapter 3 covers the first part, including the principles and methods of defining log data, selecting the audit point and the encryption algorithm, fulfilling the transmission of encrypted log data, etc. The central log auditing and analysis module is made up of two subparts, i.e. the server and the man-machine part. The server is responsible for receiving, filtering, decoding, and storing the remote log data in the original database. A background analysis thread extracts the content of the original database, reconstructs the sessions and generates the intermediate database. Using the knowledge base, the server gives an alert when necessary. Meanwhile, configuration of the knowledge base and server, and user management, are also provided. Chapter 4 focuses on the design and implementation of the server. Also in Chapter 4, I introduce the friendly man-machine interface of the central log auditing system, such as convenient query means, a clear-cut visual display of firewall state, helpful security tips, etc. Chapter 5 is the summary of this thesis.
Language: Chinese
Content type: Thesis/Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/7450
Appears in Collections: Institute of Software, Chinese Academy of Sciences (中科院软件所)

Files in This Item:
File name: LW004436.pdf (2178 KB); Access: restricted; Contact the repository to obtain the full text

Recommended Citation:
张双. 应用代理防火墙中央日志审计子系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2001-01-01.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2017 Institute of Software, Chinese Academy of Sciences - Feedback
Powered by CSpace