
可视化日志分析系统的研究与实现

The Research and Implementation of Visual Log Analysis System

[Author] 杨华 (Yang Hua)

[Supervisors] 方敏 (Fang Min); 张勇 (Zhang Yong)

[Author information] 西安电子科技大学 (Xidian University), Computer Technology, 2010, Master's thesis

[Abstract (translated from the Chinese)] From the perspective of information security risk management, an audit system covering the operational logs of all kinds of systems and users' network access behaviour is an indispensable part of an information security assurance framework; log analysis, as a component of the network security defence system, therefore plays an important role in network security. A good log analysis system can, through comprehensive analysis of logs and behaviour, make up for the shortcomings of existing products in discovering and analysing threats, and can provide effective technical means for tracing responsibility after security incidents and for locating faults. Building on an analysis of the strengths and weaknesses of comparable products, and drawing on the practical requirements of enterprise users and on developments in data mining technology, this thesis designs and implements a new visual log analysis system. It first introduces the basic concepts of log analysis systems, briefly explains their importance, compares several similar domestic and foreign products, and analyses the development trends of log analysis systems and the problems of current ones. It then derives, from the actual requirements of some enterprises, the basic functions that a new log analysis system must satisfy. On this basis, the thesis describes in detail the system's overall architecture, its database structure, the workflow of the collection and analysis module, the structure of the user management interface, and the alert engine interface. It focuses on the database design principles and discusses how to store massive volumes of logs, proposing that logs be stored in base data tables partitioned by device or by time, which improves query efficiency while greatly increasing the maintainability of the system; it optimises data collection by adding a data buffer combined with multithreaded parallel processing, which greatly increases system throughput; it proposes a multi-layer model for log processing that divides processing into receiving, filtering, merging, analysis and alerting, and storage layers, explains the workflow and key processing methods of each layer, and gives some of the important data structures used during analysis; it describes the design principles of the management program, analyses the design of the security module in detail, and lists the main function menus; it explains the concrete application of correlation analysis in this work, focusing on the correlation of key attributes; and it presents the actual design of the alert rules, detailing the rule entries and how they are applied in the system. Finally, it reports testing of the system on a real network, verifying that the designed functions of the visual log analysis system meet the practical requirements of enterprise users.

[Abstract] From the perspective of information security risk management, an auditing system for the running logs of all types of systems and for network access logs is an integral part of an information security system. Therefore log analysis, as a component of the security defence system, plays an important role in network security. An effective log analysis system, by analysing log activity as a whole, compensates for the drawbacks of current products in threat detection and analysis. It also provides effective technical means for tracing responsibility and locating breakdowns. Based on a study of the merits and faults of similar products, this paper, in accordance with practical demand and drawing on the development of data mining technology, designs and builds the Visual Log Analysis System. Firstly, the paper introduces the basic concepts of log analysis systems and briefly describes their importance. By comparison with similar products at home and abroad, it describes the trends of log analysis systems and discusses the current problems in such systems. Then, drawing on the practical demands of some enterprises, it sets out the basic functions of a new type of log analysis system. On this basis, the paper designs the Visual Log Analysis System to meet the new demands of clients and describes in detail the framework of the system, the structure of the database, the flowcharts of the collection and analysis modules, the structure of the client management interface, and the alarm engine interface. It illustrates the database design principles, discusses the approach to storing large volumes of logs, and puts forward storage modes that use the device or the time period as the basic data table. 
This raises query efficiency while improving system maintainability; it optimises data collection by combining an enlarged data cache with multithreaded processing, which greatly increases the system's throughput. It also puts forward a multi-layer model of log handling that divides the process into receiving, filtering, merging, analysing and alarming, and storage, and separately describes the flowchart and crucial handling methods of each layer. Some of the data structures used in the analysis process are also given. The paper illustrates the design principles of the management program in the log analysis system, analyses in detail the design of the security module, and lists the main function menus. Besides this, it states the specific application of correlation analysis on key attributes in this research. Moreover, the practical design of the alarm rules is shown, including the specific items in the rules and how they are used in the system. It finally shows the details of the real test environment and verifies that the functions designed for the Visual Log Analysis System are able to satisfy the practical needs of clients.
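The abstract describes a five-layer log pipeline (receive, filter, merge, analyse/alarm, store) with storage routed to per-device or per-time tables. The following Python script is an added illustration of that architecture, not code from the thesis: the syslog-style lines, the "debug" noise filter, the 60-second merge window, the failed-login threshold of 5 and the SQLite in-memory store are all assumptions chosen for the example, and each layer returns its result so the effect of every stage can be checked.

```python
import re
import sqlite3
from collections import defaultdict
from datetime import datetime

# Constructed sample input (not from the thesis): syslog-style lines from two devices,
# including a run of repeated failures, some debug noise and one unparseable line.
RAW_LINES = [
    "2010-05-01 10:00:01 fw01 auth: login failed user=admin src=10.0.0.5",
    "2010-05-01 10:00:02 fw01 auth: login failed user=admin src=10.0.0.5",
    "2010-05-01 10:00:03 fw01 auth: login failed user=admin src=10.0.0.5",
    "2010-05-01 10:00:04 fw01 auth: login failed user=admin src=10.0.0.5",
    "2010-05-01 10:00:05 fw01 auth: login failed user=admin src=10.0.0.5",
    "2010-05-01 10:00:06 fw01 auth: login ok user=admin src=10.0.0.5",
    "2010-05-01 10:00:07 sw02 link: interface eth1 up",
    "2010-05-01 10:00:08 sw02 debug: keepalive tick",
    "2010-05-01 10:00:09 sw02 debug: keepalive tick",
    "this line is not parseable",
]

# Assumed line format: "<date> <time> <device> <facility>: <message with key=value pairs>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\w+): (.*)$")


def receive(lines):
    """Layer 1: parse raw lines into event dicts; unparseable lines are counted and dropped."""
    events, bad = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            bad += 1
            continue
        ts, device, facility, msg = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "device": device, "facility": facility, "msg": msg,
            "fields": dict(re.findall(r"(\w+)=(\S+)", msg)),  # key=value attributes
        })
    return events, bad


def filter_events(events, drop_facilities=("debug",)):
    """Layer 2: discard noise facilities before they consume storage or analysis time."""
    return [e for e in events if e["facility"] not in drop_facilities]


def merge(events, window_s=60):
    """Layer 3: collapse consecutive identical events from one device inside a time window
    into a single record carrying a count (reduces volume without losing the signal)."""
    merged = []
    for e in events:
        key = (e["device"], e["facility"], e["msg"])
        last = merged[-1] if merged else None
        if last and (last["device"], last["facility"], last["msg"]) == key \
                and (e["ts"] - last["last_ts"]).total_seconds() <= window_s:
            last["count"] += 1
            last["last_ts"] = e["ts"]
        else:
            merged.append({**e, "count": 1, "last_ts": e["ts"]})
    return merged


def analyze(events, threshold=5):
    """Layer 4: a single alarm rule correlating device and source address:
    a merged run of at least `threshold` failed logins raises one alert."""
    alerts = []
    for e in events:
        if "login failed" in e["msg"] and e["count"] >= threshold:
            alerts.append({"rule": "repeated-login-failure", "device": e["device"],
                           "src": e["fields"].get("src"), "count": e["count"]})
    return alerts


def table_name(e, mode="device"):
    """Storage routing: one table per device, or one table per day.
    The device name comes from parsed input, so it is sanitised before use as an identifier."""
    if mode == "device":
        return "log_" + re.sub(r"\W", "_", e["device"])
    return "log_" + e["ts"].strftime("%Y%m%d")


def store(conn, events, mode="device"):
    """Layer 5: write merged records into the routed tables; returns rows written per table."""
    written = defaultdict(int)
    for e in events:
        t = table_name(e, mode)
        conn.execute(f'CREATE TABLE IF NOT EXISTS "{t}" '
                     f'(ts TEXT, device TEXT, facility TEXT, msg TEXT, count INTEGER)')
        conn.execute(f'INSERT INTO "{t}" VALUES (?,?,?,?,?)',
                     (e["ts"].isoformat(), e["device"], e["facility"], e["msg"], e["count"]))
        written[t] += 1
    conn.commit()
    return dict(written)


def run_pipeline(lines, mode="device"):
    """Run all five layers in order and report what each produced."""
    events, bad = receive(lines)
    events = merge(filter_events(events))
    alerts = analyze(events)
    conn = sqlite3.connect(":memory:")  # stand-in for the thesis's database
    written = store(conn, events, mode)
    conn.close()
    return {"unparsed": bad, "stored": written, "alerts": alerts}


if __name__ == "__main__":
    print(run_pipeline(RAW_LINES))
```

Running it on the constructed lines drops the unparseable line and the two debug records, merges the five failures into one record with count 5 (which trips the rule), and writes two rows to a per-device `log_fw01` table and one to `log_sw02`; switching `mode="day"` routes all three rows to a single `log_20100501` table, which is the trade-off between the two storage schemes the abstract mentions.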
