Abstract
Security auditing is receiving more and more attention, but most distributed security audit systems are still immature. This paper first explains the concept of distributed security auditing. It then presents the functional and architectural design of a distributed, multilayered security audit system based on data mining techniques, and describes in detail several important techniques adopted in the system's design and implementation: the XML log format, multi-pattern string matching, fuzzy clustering, and association security rules. The system improves detection efficiency and the ability to discover unknown attacks, enhances the security of the system, and makes it possible to assess the security level of the whole system effectively.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University core journal (北大核心)
2007, No. 4, pp. 811-813 (3 pages)
Keywords
security audit
distributed
intrusion detection
data mining
log