Cloud data safe auditing method based on multi-Agent

Abstract

The invention discloses a dynamically extensible cloud auditing method based on multi-Agent. The method includes steps that every host loads and operates an Agent event collection subsystem and an Agent event analysis subsystem; the collection subsystem and the analysis subsystem serve as background processes to collect and analyze auditing information in a monitored cloud auditing system, and transmit data to a central administrator server; a GUI (Graphical User Interface)client-side is used for checking status of every host; the central administrator server and a data base are used for receiving data and reports from the hosts, controlling communication information of the whole cloud auditing system, and analyzing and store received safe auditing events; a Windows Agent subsystem bottom calls application programming interface of the system to access to contents of Windows events, then the contents are normalized to system log events to be sent to the Agent event analysis subsystem; and an Linux Agent system bottom uses an event collection module to collect data.

Description

technical field [0001] The invention relates to the field of cloud storage data security in computer networks, in particular to a multi-Agent-based cloud data security audit method. Background technique [0002] Security audit is to use data mining and data warehouse technology to realize terminal-to-terminal monitoring and management in different network environments. When necessary, it can issue warnings to administrators or automatically take troubleshooting measures through various channels, and can analyze historical data. , processing and tracking. [0003] With the development of information technology and the rise of cloud storage technology, the audit log system is very important for checking, understanding or evaluating the degree of attack on cloud storage system. However, the current auditing system has the following problems: [0004] 1) At present, almost all audit systems simply write sensitive log information into log files in text form, or send logs to the...

AI Technical Summary

Problems solved by technology

[0005] 2) The audit log system designed according to the PEO and VCR protocols does not fully support the security log audit system of cloud storage, mainly in the following aspects: the logs of different formats from various systems or applications cannot be centrally sent to a remote log server for storage; only A simple log encryption method is used to protect the original log, and the message authentication code (MAC) mechanism is not used to verify the authority of the auditor to request access to the log; when the log generated by the system is sent to the log server in real time, the bandwidth paid is relatively large, and it is easy for attacks After obtaining the system authority, the attacker launches a denial of service attack (Dos) on the log server, thereby modifying or even deleting the log; when viewing the log, as long as the decryption key of a log record is obtained, all subsequent log records can be viewed

[0006] 3) The scalability of the current audit system is not good enough

Images