【作者】 余静；

【导师】 马自堂；

【作者基本信息】 解放军信息工程大学 ， 军事通信学， 2007， 硕士

【摘要】 信息系统审计是保障信息系统安全的重要环节之一。随着信息系统向大型分布式系统发展,审计事件类型大量增加,传统的对单一层面上的集中式审计已经不能适应信息系统的发展需求。同时审计记录量的急剧增涨,集中式的审计分析处理将消耗信息系统过多的带宽和资源,严重影响应用系统的效率,对事件记录的审计分析也给管理员造成繁重的负担。信息系统业务的动态扩展,传统紧耦合的审计系统结构很难适应其业务扩展的需要。Agent具有自治性、智能性、协作性等特点,基于多Agent技术的审计系统在解决复杂、动态、分布式、智能等系统应用问题上具有独特的优势。因此,研究Agent技术,设计基于多Agent的审计系统是一种新途径和新方法。本文在深入研究信息系统审计技术和Agent技术的基础上,根据信息系统审计的需求和分布式信息系统的特点,基于多Agent技术,提出了审计系统的设计方案,构建了能够进行分布式、多层次数据采集和智能监测的审计系统体系结构,具有良好的灵活性和可扩展性。设计了系统的通信机制,有效解决了系统通信信息的动态更新问题;设计了系统的协作机制,重点提出了协作推理算法,实现了多Agent协作完成分布式审计分析的方案,解决了审计数据分布式存储和分布式审计分析问题,避免了大量数据在网络传输造成的瓶颈,并通过给出的时间验证和目标函数机制保证了协作推理的正确性和实时性;详细论述了系统的关键技术及其设计方法,并实现了审计系统的主要功能。更多还原

【Abstract】 ISA (Information System Audit) is one of the important teaches to ensure the security of information system. With the tendency of the development to the large scale distributed information system, types of auditing events increase greatly, the traditional, centralized auditing in single aspect cannot meet the requirement of the development of information system. At the same time, the auditing quantities of memorizing increase drastically, the centralized auditing analysis has to consume superfluous resources and bandwidth of information system, which badly tamper with efficiency of systems’ efficiency. It burdens the administrators of system heavily to analyze the audit event. With the operation of information system extending dynamically, the strict-coupling architecture of traditional audit systems is hard to accommodate the requirement of the operations’ expansibility. Agent is with characteristic of autonomy, intelligence, cooperation, etc. The audit system based on multi-agent has the unique predominance to solve the complicated, dynamic, distributed and intelligent application process. So to research the Agent technologyies and design the audit system based on multi-agent is a a new approach and method.In this thesis, the ISA and the Agent technologyies are deeply researched. According to requirements of ISA and characteristics of distributed information systems, the design scheme is presented and the audit system’s architecture is constructed, which can collect distributed and multi-layer data and surpervise the condition of information system intelligently. This architecture has the better agileness and expansibility. The communications mechanism is designed to solve the dynamic communications’ information of the system. The cooperation mechanism is designed and an algorithm of cooperated ratiocination is proposed in particular to realize the scheme of distributed audit analysis with multi-agents’ cooperation. In this way, the audit data which is stored in distributed has been audited and analyze in distributed mode avoiding transmission of large numbers of data in network that lead to the bottleneck in network. Then the correctness and Real-time mechanism are ensured by time validation mode and the Goal function. At last the thesis discusses the key technologies and design approaches, and then achieves the main function of the audit system.更多还原