Multi surce audit data business uniformity judging method based on state conversion table

Abstract

The invention relates to a state conversion table-based judging method of the consistency of mulitsource audit data service. It adopts many types of information collecting agents distributed various places of a system to implement multiple information collecting modes, acquires audit data from various links and layers of the system, the information collecting agents process various information forms to generate a united standard audit information and report it to a service audit data consistency judgment center, which makes a whole consistency judgment on the service audit data based on the state conversion table, according to the relevance between the front and back service links, finds the inconsistency of service processing operations in various links, in time finds the occurrence of abnormal service operations like revising relative data, falsifying service data flow round an application system, etc, and makes the corresponding transaction processing according to the consistency judgment result. It can find the occurrence of abnormal service operations in time and enhances the strength of the auditing and monitoring mechanism.

Description

technical field [0001] The invention relates to a network security method, in particular to a multi-source audit data service consistency judgment method based on a state transition table. It belongs to the field of network technology. Background technique [0002] Security audit technology is a functional feature that a secure network must support. According to certain security policies, it records and analyzes various activities in the computer network system, and identifies existing and potential violations. At present, security audit is placed in an important position in many international norms and domestic security regulations on important networks. In recent years, the focus of security audit technology has expanded from network audit and system audit to the scope of content audit of business systems. After literature search, domestic applications were found: application number: 02148414.7, application date: 2002.12.3, publication number: CN1417690A, applicant: Nanj...

AI Technical Summary

Problems solved by technology

However, there are many defects in the technical solution of this invention: (1) the audit data collection method of security audit is too single, resulting in insufficient comprehensive source of audit data

The invention is based on the missing trace information at all levels of the business system as the source of audit data. The trace information missed by the system can only record its own operation status and some simple violation information. Real records of violations that occurred, making the audit intensity less

(2) Lack of context-related consistency judgment function

The application process audit proposed in this invention is to analyze each link in a business process as an isolated node, and judge whether the operation behavior in each link complies with the audit rules of the link. Ability to conduct correlation analysis and judgment between audit data

(3) The intensity of audit supervision is low

Especially the anti-bypass feature of the audit mechanism is poor, so in many cases, the audit supervision mechanism of the invention will be bypassed by experienced hackers or illegal operators

Images