Title: 基于RUSSEL语言的安全审计数据分析 (Security Audit Data Analysis Based on the RUSSEL Language)
Alternative Title: RUSSEL Language Based Security Audit Data Analysis
Author: 高微
Major: Computer Applied Technology
Year: 2004
Degree Grantor: 中国科学院软件研究所 (Institute of Software, Chinese Academy of Sciences)
Degree Level: Doctoral (PhD)
Place of Degree Grantor: 中国科学院软件研究所 (Institute of Software, Chinese Academy of Sciences)
Keywords: RUSSEL language; audit trail; expert system; rules; pattern matching
Abstract (translated from the Chinese): Drawing on existing research results and practical experience in security audit data analysis, and exploiting the characteristics of the RUSSEL language, this thesis presents a universal, powerful and efficient expert system. Based on RUSSEL, the thesis presents a powerful sequence analysis and evaluation method: a rule-based method designed specifically for intrusion detection analysis, suitable for analyzing B3-level security audit data and capable of efficiently executing analysis tasks over large volumes of data. It requires the data source to be in a standard format, NADF, which hides the complexity and differences between different types of audit data and thereby achieves generality. To achieve generality more fully, the thesis designs a plug-in for RUSSEL, a format converter, with which the analysis tool can convert various kinds of audit data to the standard NADF format in real time, masking the differences between systems and security audit mechanisms and making the underlying layer transparent so as to support on-line detection. The thesis also designs a second plug-in for RUSSEL, an action interpretation engine, with which administrators can easily add customized functions, so that an alarm report can be generated or predefined protective actions executed at the moment a violation occurs; the same engine can also perform on-line reduction of huge volumes of audit data, greatly reducing the workload of security administrators. Such a complete analysis tool can handle audit trail analysis under a variety of security architectures and perform on-line intrusion detection, and is particularly suited to clusters of workstations in heterogeneous or distributed network environments. Finally, combining recent artificial intelligence techniques, the thesis introduces the Time-based Inductive Machine (TIM) theory into the analysis tool and proposes an improvement scheme for the expert system, laying a theoretical foundation for further work.
English Abstract: Based on various research results and practical experiences, and by use of the characteristics of the RUSSEL language, this thesis presents a universal, powerful and efficient expert system. The thesis proposes a powerful sequence evaluation method. It is a rule-based method designed especially for intrusion detection analysis. It is suitable for the analysis of B3-level security audit data and can efficiently undertake analysis tasks over huge amounts of data. This method needs the data source to be in a standardized format, NADF. By this method, the differences and disparities among various kinds of audit data can be made transparent, and the goal of universality can then be reached. For the purpose of universality, this thesis designs a plug-in for the language, the Format Adaptor. With it, analysis utilities can convert various kinds of audit data to the standardized NADF format in real time, for the sake of on-line detection. This thesis also designs another plug-in, the action parser engine. With this engine, the administrator can easily add customized function parts, so that at the time a breach event happens an alarm report can be submitted in time, or some pre-emptive actions performed. Also, with this engine, on-line reduction of the huge amount of audit data can be done. Such a complete analysis utility deals with audit trail analysis in many kinds of security architecture. It can perform on-line intrusion detection work, especially for computing groups in heterogeneous or distributed network environments. This thesis also combines advanced artificial intelligence technology, introducing the Time-based Inductive Machine (TIM) concept into the analysis utility and proposing an improved approach for the expert system. This establishes a theoretical basis for further research and practice.
Pages: 53
Language: Chinese
Content Type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/7540
Collection: 中科院软件所 (Institute of Software, Chinese Academy of Sciences)
Recommended Citation (GB/T 7714):
高微. 基于RUSSEL语言的安全审计数据分析[D]. 中国科学院软件研究所. 中国科学院软件研究所, 2004.
Files in This Item:
File Name/Size | DocType | Version | Access | License
LW014067.pdf (2841KB) | Restricted access | -- | Application | Full Text
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.