【作者】 程真强；

【导师】 吴迪；

【作者基本信息】 大连理工大学 ， 计算机应用， 2007， 硕士

【摘要】 要保证网络信息和内部信息的内容安全，必须要有相应的安全技术的发展。基于内容的安全审计系统可以在被监控对象毫无察觉的情况下，对网络信息的内容进行实时的处理和分析，记录各种信息。这些信息可以让系统管理人员和有关人员事后进行审计和分析，以便及时发现系统存在的问题并采取相应的安全管理措施，同时还能对系统本身可能存在的安全漏洞或缺陷进行预测。本文对网络安全审计的相关技术进行了研究，针对中大规模企业网环境设计和实现了一个基于网络嗅探器技术的网络安全审计系统。论文研究了以下几个方面。首先介绍了网络安全审计系统的研究背景和研究意义，给出了论文的研究目标。从系统结构、数据来源以及网络服务控制等方面对网络安全审计系统涉及的相关技术进行了研究，并详细分析了网络安全审计系统。其次详细介绍了中小规模企业网环境对网络安全审计系统的功能需求及系统体系结构的设计，按照功能划分分别介绍了数据采集、数据解析与处理、网络服务控制和用户界面等各个子系统的设计，介绍了数据采集与存储策略、数据解析与处理等关键技术的研究成果。针对网络安全审计系统应用的实际需求，分别给出了相应的解决方案。然后对系统实现的过程进行了详细的分析，并在此基础上设计和实现了一个分层的协议分析模块。在协议分析模块中，分析和比较了常见协议的解析过程。通过规范接口与内部分层，使得该模块具有良好的可重用性和可扩展性。最后介绍了网络安全审计系统的总体实现模型，以及各个子系统的功能结构和实现机制，具体实现了一个网络安全审计系统，为企业网管理人员提供了一个良好的网络安全审计平台。通过对系统参数进行设置，可以灵活方便地将网络安全审计系统应用于各种不同的实际环境中，以满足不同用户的具体需求。更多还原

【Abstract】 In order to ensure security of data on net, we must develop the corresponding security technology. The security audit system based on content could process and analyze data with no consciousness of clients under monitor. The information then is used by system manager to audit and analyze. So we can find the malfunctions as soon as possible and take action to fix them. Sometimes the information we get from net can help us predict the malfunction and bugs.This paper designs a framework of network security audit based on network sniffer which is suite for medium and big enterprise network environment. And then apply the framework into a real project. This paper contains several parts as following:Firstly, this paper introduces the research background and meaning, and then gives the objective of our research. In this paper some research from the aspects as system structure, data source and network service control concerned with network audit system has been done. And also analyze our audit system in detail.Secondly, this paper introduces the requirements under small-medium enterprise network environment. Then it gives the structure of the security audit system. According to functions, the system can be divided into several parts as data collection, data analyzing and processing, network service control and user interface. This paper focuses on several crucial technology used on data collection and storage, data analyzing and processing. After studying the existed crucial technologies, this paper gives a solution to the practical requirement of network security audit system.Then this paper gives the details of the implement of this audit system and shows a leveled protocol analysis model. In this model, the comparison and analysis among different common protocols are done. This model has a good reusability and expansibility by Standardizing interfaces and internal delamination.At last, this paper introduces the general implementation model of this security audit system, the functions and the implementation of the sub-function units. This System provides a good platform for network manager to audit. It could fit into different environment and serve for different user by different parameter settings.更多还原