摘要
数据审计已成为网络安全领域一项重要的安全手段,主要用于对网络背后的用户行为进行监控管理,数据审计手段与具体应用和协议紧密相关。本文讨论了基于SSH协议的数据审计问题,主要关注的是SSH审计过程中用户请求复原方法。通过对SSH交互原理的分析和验证,提出了用于复原用户请求的BACRM算法和EUARM算法,前者只对最基本的请求具有复原能力,而后者通过对回显消息中的转义字符集进行识别和理解,能精确复原复杂输入下的用户请求,实验结果证明了EUARM算法的有效性。
Data auditing has been an important security means in network security filed, which is mainly used to monitor and manage the user behavior behind network. The auditing method is closely related to the specific application and protocol. This paper discussed the problem of data auditing based on SSH protocol and concentrated on the restoring method for user request. By analyzing and verif- ying the interaction principle of SSH, we proposed BACRM and EUARM algorithm for the restoration. The former algorithm is just ca- pable of restoring the basic requests, while the latter can accurately restore the user requests under complex input by understanding the escape characters carried in echoed message. The experimental results validated the effectiveness of EUARM algorithm.
出处
《网络新媒体技术》
2016年第6期12-16,共5页
Network New Media Technology
基金
中国科学院战略性先导科技专项"新媒体服务网络技术研究与设备研制"(编号:XDA06010302)
中国科学院声学研究所知识创新工程项目(编号:Y154191601)
关键词
安全审计
SSH
请求复原
转义字符集
security audit, SSH, request restoring, escape character
