Abstract
Once a server system has been compromised, the logs it recorded must be protected so that they can serve as evidence for restoring the system afterwards and so that the system's own survivability improves. To address this difficulty, the paper proposes an intrusion-tolerance strategy in which log records are split into fragments according to a fixed format and the fragments are stored on different log servers; when a log has to be restored, the fragments are recombined into the original record. A Bayesian network model for anomaly detection is also built: from the feature information that a user's access to the log servers provides, it decides whether that access is anomalous behaviour and which log type was accessed, so that the attacked server and its log fragments can be located quickly in a large volume of log data and the class of log records that may have been destroyed can be recovered at minimal system cost. To a certain extent the method guarantees the accuracy and correctness of the records held on the log servers.
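The abstract describes two mechanisms: field-wise fragmentation of each log record across several log servers with reassembly on demand, and a Bayesian judgement over access features that flags an anomalous access together with the log type it touched, so that only that type's fragments need checking. The following is an added example of those two ideas and is not the authors' code: the record layout, the fragment placement rule, the access features and the use of a naive-Bayes classifier (a belief net with a single parent node) as a stand-in for the paper's Bayesian network are all assumptions made for the example, and the records and training accesses are constructed.

```python
"""Added example, not the authors' code: (1) split each log record field-by-field
across several log servers and reassemble/verify it; (2) a Bayesian classifier
over access features that flags an anomalous access and names the log type it
touched, so only that type's fragments are checked. Record layout, placement
rule, feature set and the naive-Bayes stand-in for the belief net are assumed."""
import hashlib
import math
from collections import Counter, defaultdict

FIELDS = ("ts", "type", "event")   # assumed record layout; one field = one fragment


def _digest(record_id, idx, value):
    # Bind a fragment to its record id and position, so a fragment rewritten or
    # swapped on a compromised server fails verification on reassembly.
    return hashlib.sha256(f"{record_id}|{idx}|{value}".encode()).hexdigest()


class LogDispatcher:
    """Spreads fragments over n servers; only a record-id -> log-type index is kept centrally."""

    def __init__(self, n_servers):
        self.servers = [dict() for _ in range(n_servers)]  # (id, idx) -> (value, digest)
        self.index = {}                                      # record id -> log type

    def store(self, record_id, record):
        for idx, field in enumerate(FIELDS):
            server = (record_id + idx) % len(self.servers)   # assumed placement rule
            value = record[field]
            self.servers[server][(record_id, idx)] = (value, _digest(record_id, idx, value))
        self.index[record_id] = record["type"]

    def reassemble(self, record_id):
        """Return (record, damaged); damaged lists (server, field) pairs whose
        fragment is missing or fails its digest, and record is None if any are."""
        record, damaged = {}, []
        for idx, field in enumerate(FIELDS):
            server = (record_id + idx) % len(self.servers)
            entry = self.servers[server].get((record_id, idx))
            if entry is None or entry[1] != _digest(record_id, idx, entry[0]):
                damaged.append((server, field))
            else:
                record[field] = entry[0]
        return (None if damaged else record), damaged

    def check_type(self, log_type):
        # Verify only records of the flagged log type, not every fragment everywhere.
        hits = {rid: self.reassemble(rid)[1] for rid, t in self.index.items() if t == log_type}
        return {rid: bad for rid, bad in hits.items() if bad}


class AccessClassifier:
    """Naive Bayes over discretised access features (a belief net with one parent):
    P(label | f) is proportional to P(label) * prod_i P(f_i | label), Laplace-smoothed."""

    def __init__(self, samples):
        self.labels = Counter(label for _, label in samples)
        self.counts = defaultdict(Counter)   # (label, feature) -> Counter of values
        self.values = defaultdict(set)       # feature -> observed values
        for feats, label in samples:
            for name, val in feats.items():
                self.counts[(label, name)][val] += 1
                self.values[name].add(val)

    def posterior(self, feats):
        total = sum(self.labels.values())
        logp = {}
        for label, n in self.labels.items():
            lp = math.log(n / total)
            for name, val in feats.items():
                lp += math.log((self.counts[(label, name)][val] + 1) / (n + len(self.values[name])))
            logp[label] = lp
        m = max(logp.values())   # normalise in log space to avoid underflow
        z = sum(math.exp(v - m) for v in logp.values())
        return {label: math.exp(v - m) / z for label, v in logp.items()}

    def judge(self, feats, threshold=0.5):
        # Returns (verdict, P(anomalous), log type accessed).
        p = self.posterior(feats)["anomalous"]
        return ("anomalous" if p >= threshold else "normal"), p, feats["type"]


# Constructed training accesses: (hour bucket, request-rate bucket, log type, label).
_NAMES = ("hour", "rate", "type")
TRAINING = [(dict(zip(_NAMES, row[:3])), row[3]) for row in [
    ("day", "low", "app", "normal"), ("day", "low", "app", "normal"),
    ("day", "medium", "auth", "normal"), ("day", "low", "auth", "normal"),
    ("night", "low", "app", "normal"), ("night", "high", "auth", "anomalous"),
    ("night", "high", "sys", "anomalous"), ("day", "high", "auth", "anomalous"),
    ("night", "medium", "sys", "anomalous")]]


def demo():
    """Two constructed records on three servers; an attacker rewrites one fragment;
    a constructed access is classified and the damage located via the flagged type."""
    d = LogDispatcher(3)
    d.store(1, {"ts": "2006-12-01T02:14:07", "type": "auth", "event": "login root failed"})
    d.store(2, {"ts": "2006-12-01T02:14:09", "type": "app", "event": "GET /index.html 200"})
    _, digest = d.servers[0][(1, 2)]                  # record 1's 'event' sits on server 0
    d.servers[0][(1, 2)] = ("login root ok", digest)  # attacker rewrites it in place
    verdict, p, log_type = AccessClassifier(TRAINING).judge(
        {"hour": "night", "rate": "high", "type": "auth"})
    return verdict, round(p, 3), d.check_type(log_type), d.reassemble(2)[0]
```

Calling `demo()` returns `('anomalous', 0.907, {1: [(0, 'event')]}, {...record 2...})`: the night-time, high-rate access to the auth log is judged anomalous, so only auth-type records are verified, which pinpoints server 0 and the rewritten `event` fragment of record 1 while the untouched app record still reassembles cleanly. Note that the digest only detects tampering; restoring a destroyed fragment needs redundancy (a replica or parity fragment on another server), which this example does not include.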
Source
Microelectronics & Computer (微电子学与计算机), 2006, No. 12, pp. 53-57, 60 (6 pages)
Indexed in CSCD and the Peking University Core Journals list
Funding
National 863 High-Tech Development Program of China (project 20042240)
Keywords
Log; Intrusion tolerance; Bayesian belief network