Abstract
Network security has risen to a strategic issue of national sovereignty and receives broad attention. In recent years, ever more novel attack methods have emerged; against threats that cannot be prevented, properly configured and recorded system logs show their value. For large enterprises in particular, system logs are cluttered and voluminous, and their integrity is frequently damaged by human action. This paper introduces the structure of the Windows operating system's event logs, uses existing log-analysis aids and batch-processing tools, discusses how to use system logs more efficiently to trace the source of security incidents and to find unknown system vulnerabilities so they can be patched, and finally presents a basic model for system log analysis.
Authors
Li Chunqiang (李春强); Xia Wei (夏伟) (Beijing Information Science and Technology University / Beijing Jingwei Xinan Technology Co. Ltd., Beijing 100101)
Source
Cyberspace Security (《网络空间安全》)
2018, Issue 9, pp. 70-77 (8 pages)
Keywords
event log analysis
terminal security
corporation intranet security