摘要
通过识别网络上异常的网络流量可以确定系统的位置来源,而要找出产生这些流量的应用或使用者却并不容易。因为可能许多用户使用过这些网系统,并且特洛伊木马可能已经在网络中传播和进行繁殖。网络访问审计日志将系统事件日志与网络监控结合起来,通过对网络传输的记录扩展了主机的原本的日志信息,从而提高了内部网的网络安全。
An attempt at determining the source of anomalous network traffic may result in the identification of the networked system where it originated.From a forensic point of view it is almost impossible to positively identify the application or the user behind the application that generated the traffic.Many users may have been using the networked system and there remains the possibility of network traffic generation by Trojan horses.We propose a network-access log that bridges the gap between system event logs and network monitoring by extending event logging on individual hosts with information pertaining to generation of network traffic.The key contribution of the proposed network access audit log is the establishment of the chain of evidence linking the outgoing traffic to its source thereby improving the network security of an intranet.
出处
《电脑知识与技术(过刊)》
2009年第8X期6403-6405,共3页
Computer Knowledge and Technology
关键词
事件日志
网络监控
网络取证
event Log
network monitoring
network forensics
