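Abstract
To address the range of unsafe operations that department insiders perform on departmental information, this paper builds a distributed terminal behavior audit platform based on agents and data mining. Data mining techniques are used to analyze, in real time, the alarm information and audit logs generated by the system and to extend the rule base automatically; intrusion detection techniques are also used to help the system administrator make real-time security policy decisions. Because the terminals of multiple departments are geographically dispersed in a distributed user environment, the system introduces agents. The system provides an internally trustworthy security audit environment for the information systems of confidentiality-sensitive organizations such as banks, securities firms, insurers, government bodies and enterprises.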
Considering employees' unauthorized operations and misuse of department information, this paper constructs a distributed terminal monitoring system based on agents and data mining. Data mining (DM) and intrusion detection technologies are introduced to mine alarm information and system audit logs, analyze them, and produce real-time security strategies for the system administrator. The paper also introduces multiple agents into the distributed user environment in order to adapt to an environment of multiple departments and multiple terminals. The system provides a reliable internal security audit environment for banks, bond departments, insurance companies, government bodies, corporations and so on.
Source
《计算机技术与发展》
2006, Issue 4, pp. 141-143, 146 (4 pages in total)
Computer Technology and Development
Funding
Ministry of Science and Technology, Technology Innovation Fund for Technology-Based Enterprises project (20023211053608)