Abstract
Host logs play an irreplaceable role in intrusion detection and computer crime forensics: in-depth analysis of host logs can reveal abnormal system behavior and the traces left behind by offenders. Intruders and computer criminals, however, delete or tamper with the log records that their operations leave on the attacked system in order to destroy or corrupt them, and so evade tracking, security auditing and forensic investigation by system administrators and professionals. The security protection of host logs therefore bears directly on the security of the computer system. This paper studies existing log security protection techniques and, on that basis, proposes a new method.
Source
Computer Knowledge and Technology (《电脑知识与技术(过刊)》, back issues)
2009, Issue 5X, pp. 3817-3819, 3 pages in total
Keywords
system log
log format
security protection
real-time backup