CN110719334B - Auditing system and method suitable for cloud desktop behaviors

Info

Publication number: CN110719334B
Application number: CN201910995185.7A
Priority: CN201910995185.7A
Other versions: CN110719334A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 沈健民, 杨铁城, 郁宁刚, 胡建军
Current assignee: Eccom Network System Co ltd
Original assignee: Eccom Network System Co ltd
Legal status: Active
Prior art keywords: information, audit, result information, data, middleware

Classifications

    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Abstract

The invention provides an auditing system and method suitable for cloud desktop behaviors, comprising: a server-side pre-defining module; an audit policy manager module, which, according to predefined audit policy information, defines an audit policy for the audit objects of the virtualized cloud desktop, defines an effective period, and obtains audit policy definition result information; an information collection module, which records the operation behavior of virtual machine users according to the audit policy definition result information, sends the recorded data to the distributed information collection middleware, and obtains user behavior collection result information; an audit information data management module, which obtains middleware data processing result information and, from it, the result information to be displayed; and an audit data monitoring display module, which obtains audit data monitoring display result information from the result information to be displayed. According to the invention, through the analysis of user behavior, the user's operation intention can be accurately judged, and abnormal user operations can be effectively identified.

Description

Auditing system and method suitable for cloud desktop behaviors
Technical Field
The invention relates to the field of auditing systems, in particular to an auditing system and method suitable for cloud desktop behaviors.
Background
With the rapid development of information technology, from the gradual maturing of the server virtualization market to the continuous emergence of technologies such as desktop virtualization and application virtualization, virtualization has become a trend in the development of computer technology. More and more enterprises, governments, schools, financial institutions and other organizations are adopting the desktop cloud to improve office efficiency and reduce operating costs, and desktop virtualization has become the fastest-growing new technology with the greatest application prospects. Virtual Desktop Infrastructure (VDI) runs a Windows system on a server in a data center to virtualize the desktop. Users connect to the virtual desktop from terminal devices (traditional terminal devices and mobile intelligent terminals) through client computing protocols (such as PCoIP, RDP, HDP), and access their desktops just as they would a traditional locally installed desktop. At the same time, the need to supervise cloud desktop usage is becoming more urgent. In December 2016, the Information and Software Services Department of the Ministry of Industry and Information Technology issued the China Desktop Cloud Standardization White Paper V1.0, which specifically emphasizes the importance of auditing virtual desktop user behavior to ensure the security audit of the system and the security of the virtualization environment.
At present, applying security auditing to cloud desktop behavior still faces a number of challenges. User behaviors are diverse, and traditional log systems do not retain operation behavior logs for the desktop cloud. The large amount of network data transmission associated with user operations on the cloud desktop needs to be recorded. Because of the particular nature of the desktop cloud, auditing generates a large amount of distributed data, which raises the question of how to integrate, analyze and display that data efficiently. Traditional IT auditing cannot meet the management requirements of auditing on a cloud desktop platform; what is required is a distributed environment, comprehensive behavior data collection and screening capability, efficient and flexible data retrieval capability, and rich, visual data display capability.
Patent document CN108833514A discloses a blockchain-based audit log processing method and device in a log audit server, and a log audit system, including: receiving audit logs from one or more applications; and sending a first request to store the audit log to a blockchain system comprising the blockchain network, such that a node in the blockchain network stores the audit log in a blockchain created by the blockchain network. That patent cannot be applied to cloud desktop behavior auditing and cannot meet the management requirements of auditing on a cloud desktop platform.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide an auditing system and method suitable for cloud desktop behaviors.
The invention provides an auditing system suitable for cloud desktop behaviors, which comprises: a server-side pre-defining module: predefining an audit policy, providing comprehensive auditing of user behaviors in the cloud platform, and obtaining predefined audit policy information;
an audit policy manager module: according to the predefined audit policy information, defining an audit policy for audit objects (such as XenApp, Huawei desktop virtualization, VMware View, physical machines and the like), defining an effective period, and obtaining audit policy definition result information;
an information collection module: recording the operation behavior of virtual machine users according to the audit policy definition result information, for example obtaining the user's behavior records (file operations, application program operations, and internet browsing and operations) by parsing the Windows event log, and obtaining the user's chat information through an instant messaging agent; sending the recorded data to a distributed information collection middleware; and obtaining user behavior collection result information;
an audit information data management module: according to the user behavior collection result information, collecting the audit records with the distributed information collection middleware and obtaining the middleware information to be processed;
according to the middleware information to be processed, performing data cleaning, format conversion and session association on the recorded data, and obtaining middleware data processing result information;
obtaining the result information to be displayed according to the middleware data processing result information;
an audit data monitoring display module: obtaining audit data monitoring display result information according to the result information to be displayed.
The audit record middleware is a distributed information collection middleware for the audit records generated in the cloud platform server.
Preferably, the audit policy manager module comprises:
a multi-dimensional configuration specifying module: specifying, from multiple dimensions, the virtual machine ID, the user, the user's mouse and keyboard events, and the software objects operated by the user, configuring recording and recording time, configuring user behavior screen recording, and obtaining multi-dimensional configuration specification result information;
obtaining the audit policy definition result information according to the predefined audit policy information and the multi-dimensional configuration specification result information.
Preferably, the audit information data management module comprises: an audit information data storage module: storing the middleware data processing result information in a distributed file database and obtaining database storage result information;
obtaining the result information to be displayed according to the database storage result information;
a dynamic capacity expansion module: dynamically expanding the data capacity of the distributed file database;
the distributed file database is capable of dumping or backing up data.
Preferably, the information collection module further comprises:
a screen recording module: taking snapshot recordings of the virtual graphics card data at a set time interval and deduplicating them.
Preferably, the audit data monitoring display module further comprises: a visual alarm module: obtaining visual alarm policy control information according to the audit data monitoring display result information and visual alarm configuration information; a full-field retrieval module: running a full-field audit information search engine over the audit data monitoring display result information and obtaining full-field retrieval result information; a custom statistical information dashboard module: customizing a statistical information dashboard according to the audit data monitoring display result information and obtaining custom statistical information dashboard information; the visual alarm policy control information directs the visual alarm behavior.
The auditing method suitable for cloud desktop behaviors provided by the invention comprises the following steps:
a server-side pre-defining step: predefining an audit policy, providing comprehensive auditing of user behaviors in the cloud platform, and obtaining predefined audit policy information;
an audit policy manager step: according to the predefined audit policy information, defining an audit policy for audit objects (such as XenApp, Huawei desktop virtualization, VMware View, physical machines and the like), defining an effective period, and obtaining audit policy definition result information;
an information collection step: recording the operation behavior of virtual machine users according to the audit policy definition result information, for example obtaining the user's behavior records (file operations, application program operations, and internet browsing and operations) by parsing the Windows event log, and obtaining the user's chat information through an instant messaging agent; sending the recorded data to a distributed information collection middleware; and obtaining user behavior collection result information;
an audit information data management step: according to the user behavior collection result information, collecting the audit records with the distributed information collection middleware and obtaining the middleware information to be processed;
according to the middleware information to be processed, performing data cleaning, format conversion and session association on the recorded data, and obtaining middleware data processing result information;
obtaining the result information to be displayed according to the middleware data processing result information;
an audit data monitoring display step: obtaining audit data monitoring display result information according to the result information to be displayed.
The audit record middleware is a distributed information collection middleware for the audit records generated in the cloud platform server.
Preferably, the audit policy manager step comprises:
a multi-dimensional configuration specifying step: specifying, from multiple dimensions, the virtual machine ID, the user, the user's mouse and keyboard events, and the software objects operated by the user, configuring recording and recording time, configuring user behavior screen recording, and obtaining multi-dimensional configuration specification result information;
obtaining the audit policy definition result information according to the predefined audit policy information and the multi-dimensional configuration specification result information.
Preferably, the audit information data management step comprises: an audit information data storage step: storing the middleware data processing result information in a distributed file database and obtaining database storage result information;
obtaining the result information to be displayed according to the database storage result information;
a dynamic capacity expansion step: dynamically expanding the data capacity of the distributed file database;
the distributed file database is capable of dumping or backing up data.
Preferably, the information collection step further comprises:
a screen recording step: taking snapshot recordings of the virtual graphics card data at a set time interval and deduplicating them.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention can collect all operation behaviors of the four types of user activity (application program operation, file operation, browser internet access, and instant messaging software), and can complete data collection even for encrypted data;
2. The invention can divide audit objects into hierarchical groups and customize personalized audit policies to meet various management requirements;
3. The invention can scale out horizontally and stably with the size of the virtualized cloud, ensuring that behavior audit information is processed and displayed in time;
4. Through analysis of user behavior, the invention can accurately judge the user's operation intention, effectively identify abnormal user operations, check whether operation of the business application system complies with the standards, and support investigation and evidence collection for abnormal behavior;
5. The invention is suitable for several mainstream desktop cloud virtualization vendors currently on the market (Huawei Cloud, Citrix, VMware and Microsoft);
6. In addition to the traditional screen recording function, the invention strengthens comprehensive collection of user operation behaviors: behaviors can be extracted into metadata by action type (application programs, internet browsing, network communication and the like), the metadata for each type of behavior can be defined, and the text information recorded with the behavior information can be defined;
7. The invention uploads in real time the large volume of records generated by cloud desktop behavior auditing; the server parses, deduplicates, organizes and stores the data by session; and the system receives, parses and stores the data on a distributed platform;
8. The invention integrates the heterogeneous data structures of the various cloud desktop behaviors, supports full-field retrieval, monitors user behavior through a visual dashboard so that security problems are found quickly and handled and tracked in time, and presents statistical data as charts;
9. The invention supports user-defined audit policies, screening and deduplication of system and user behavior logs, monitoring of network transmission data, transmission, cleaning and storage of large volumes of log data, and efficient, flexible data retrieval with visual multi-dimensional display.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is a schematic flow chart of the present invention.
Fig. 2 is a schematic diagram of the framework of the present invention.
Fig. 3 is a schematic diagram of a system framework in an embodiment of the invention.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention, all of which fall within the scope of the present invention.
As shown in fig. 1 and fig. 2, the auditing system suitable for cloud desktop behaviors provided by the present invention includes:
a server-side pre-defining module: predefining an audit policy, providing comprehensive auditing of user behaviors in the cloud platform, and obtaining predefined audit policy information;
an audit policy manager module: according to the predefined audit policy information, defining an audit policy for audit objects (such as XenApp, Huawei desktop virtualization, VMware View, physical machines and the like), defining an effective period, and obtaining audit policy definition result information;
an information collection module: recording the operation behavior of virtual machine users according to the audit policy definition result information, for example obtaining the user's behavior records (file operations, application program operations, and internet browsing and operations) by parsing the Windows event log, and obtaining the user's chat information through an instant messaging agent; sending the recorded data to a distributed information collection middleware; and obtaining user behavior collection result information;
an audit information data management module: according to the user behavior collection result information, collecting the audit records with the distributed information collection middleware and obtaining the middleware information to be processed;
according to the middleware information to be processed, performing data cleaning, format conversion and session association on the recorded data, and obtaining middleware data processing result information;
obtaining the result information to be displayed according to the middleware data processing result information;
an audit data monitoring display module: obtaining audit data monitoring display result information according to the result information to be displayed.
The audit record middleware is a distributed information collection middleware for the audit records generated in the cloud platform server.
Preferably, the audit policy manager module comprises:
a multi-dimensional configuration specifying module: specifying, from multiple dimensions, the virtual machine ID, the user, the user's mouse and keyboard events, and the software objects operated by the user, configuring recording and recording time, configuring user behavior screen recording, and obtaining multi-dimensional configuration specification result information;
obtaining the audit policy definition result information according to the predefined audit policy information and the multi-dimensional configuration specification result information.
Preferably, the audit information data management module comprises: an audit information data storage module: storing the middleware data processing result information in a distributed file database and obtaining database storage result information;
obtaining the result information to be displayed according to the database storage result information;
a dynamic capacity expansion module: dynamically expanding the data capacity of the distributed file database;
the distributed file database is capable of dumping or backing up data.
Preferably, the information collection module further comprises:
a screen recording module: taking snapshot recordings of the virtual graphics card data at a set time interval and deduplicating them.
Preferably, the audit data monitoring display module further comprises: a visual alarm module: obtaining visual alarm policy control information according to the audit data monitoring display result information and visual alarm configuration information; a full-field retrieval module: running a full-field audit information search engine over the audit data monitoring display result information and obtaining full-field retrieval result information; a custom statistical information dashboard module: customizing a statistical information dashboard according to the audit data monitoring display result information and obtaining custom statistical information dashboard information; the visual alarm policy control information directs the visual alarm behavior.
Specifically, in one embodiment, a system for auditing cloud desktop behavior includes: the application server-side software deployment subsystem, which is used for predefining audit policies and providing comprehensive auditing of user behaviors in the cloud platform, and which comprises an audit information data management module and an audit information data analysis and display module, wherein: the audit policy manager is used to define audit policies for audit objects such as XenApp, Huawei desktop virtualization, VMware View, physical machines and the like, and can specify, from multiple dimensions, the virtual machine ID, the user, the user's mouse and keyboard events and the software objects operated by the user, configure recording and recording time, and configure user behavior screen recording. The audit information data management module uses a distributed information collection middleware to store the audit records generated in the cloud platform server in a distributed file database after data cleaning and format conversion; it can dynamically expand the data capacity and can dump and back up data. The audit information data analysis and display module is used to customize visual alarm policies, to provide a full-field audit information search engine and snapshots of cloud desktop operation behavior, and to customize statistical information dashboards.
The client software deployment subsystem is used to record any operation of the virtual machine user according to the audit policy, and comprises a user behavior collection module and a screen recording module. The user behavior collection module obtains the user's behavior records (file operations, application program operations, and internet browsing and operations) by parsing the Windows event log, and obtains the user's chat information through the instant messaging agent. The screen recording module takes snapshot recordings of the virtual graphics card data at the set time interval and deduplicates them.
As shown in fig. 3, the main modules and the working flow of the system are as follows:
An agent program is installed in each cloud desktop. The agent registers the cloud desktop with the management server, so that the management server can obtain information about the cloud desktop and its users; cloud desktops can be grouped so that different behavior audit policies apply to different groups.
The audit policy manager defines behavior audit policies for cloud desktops and their groups. It can customize the metadata collected for the four kinds of behavior (application program operation, file operation, browser internet access, and instant messaging chat), define the period during which the policy is in effect, and flexibly configure the capture rate and resolution used for recording user behavior; once complete, the policy is pushed to the cloud desktops.
The user behavior collection module on the client collects user behavior according to the audit policy issued by the policy manager. Collection starts when the user logs in to the cloud desktop; the user's session is recorded, and all of the user's behaviors are associated with that session until the user logs out of the cloud desktop.
Each kind of user behavior is collected with its own method. For an application program, the program name, the title of the opened window, the operation start time and the time at which the window loses focus are captured, so that screen recording playback can be positioned to that time period; for file operations, the operation type (create, save, delete, move) and the source and destination paths (including remote paths) of the file or directory are captured; for internet access, the website is recorded; and for instant messaging chat, the agent encrypts and decrypts the chat data to obtain the chat text and the transmission state information.
The screen recording module on the client takes snapshot recordings of the virtual graphics card data at the time interval and resolution set by the policy, deduplicates them and timestamps them. The screen recording data is sent directly to the file server, and its index information is sent to the data receiving manager.
As designated by the management server, each client sends its collected data to the corresponding data receiving manager. Multiple data receiving managers across the network each receive data from a number of different clients, which provides load balancing and high availability and improves data throughput.
The distributed data receiving manager cleans and deduplicates the received data, converts its format, associates each behavior record with the corresponding session, and finally passes the data to the distributed database for storage.
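The receiving-manager stage described above (cleaning, deduplication, format conversion, session association) can be sketched as follows. This is an added example, not code from the patent: the record layout, field names and sample records are assumptions constructed for illustration, and records are re-ordered by timestamp because agents may deliver them out of order.

```python
import hashlib
import json
from datetime import datetime

# Fields required per record kind; the four behavior kinds follow the text above.
# All field names are assumptions made for this example.
REQUIRED = {
    "application": ("program", "window_title"),
    "file": ("op", "src"),
    "web": ("url",),
    "chat": ("text", "state"),
    "login": (),
    "logout": (),
}
OPTIONAL = {"file": ("dst",)}


def clean(raw):
    """Data cleaning and format conversion: normalized record, or None if unusable."""
    kind = str(raw.get("kind", "")).strip().lower()
    if kind not in REQUIRED:
        return None
    try:
        ts = datetime.fromisoformat(str(raw["ts"]).replace("Z", "+00:00"))
        vm = raw["vm"].strip().lower()
        user = raw["user"].strip().lower()
    except (KeyError, ValueError, AttributeError):
        return None
    # Naive timestamps are rejected: agents in different zones would not line up.
    if ts.tzinfo is None or not vm or not user:
        return None
    if any(not raw.get(field) for field in REQUIRED[kind]):
        return None
    rec = {"vm": vm, "user": user, "kind": kind, "ts": int(ts.timestamp())}
    for field in REQUIRED[kind] + OPTIONAL.get(kind, ()):
        if raw.get(field):
            value = str(raw[field])
            rec[field] = value.lower() if field == "op" else value
    return rec


def process(raw_records):
    """Clean, deduplicate, order by time, and attach each behavior to its session."""
    seen, cleaned, rejected, duplicates = set(), [], 0, 0
    for raw in raw_records:
        rec = clean(raw)
        if rec is None:
            rejected += 1
            continue
        digest = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
        if digest in seen:
            duplicates += 1
            continue
        seen.add(digest)
        cleaned.append(rec)
    # On equal timestamps a login sorts first and a logout last.
    rank = {"login": 0, "logout": 2}
    cleaned.sort(key=lambda r: (r["ts"], rank.get(r["kind"], 1)))
    open_sessions, sessions, orphans = {}, [], []
    for rec in cleaned:
        key = (rec["vm"], rec["user"])
        if rec["kind"] == "login":
            sess = {"session_id": "%s:%s:%d" % (rec["vm"], rec["user"], rec["ts"]),
                    "vm": rec["vm"], "user": rec["user"],
                    "start": rec["ts"], "end": None, "events": []}
            open_sessions[key] = sess
            sessions.append(sess)
        elif rec["kind"] == "logout":
            sess = open_sessions.pop(key, None)
            if sess is None:
                orphans.append(rec)
            else:
                sess["end"] = rec["ts"]
        elif key in open_sessions:
            open_sessions[key]["events"].append(rec)
        else:
            orphans.append(rec)  # behavior with no open session: keep for review
    return {"sessions": sessions, "orphans": orphans,
            "rejected": rejected, "duplicates": duplicates}


# Constructed sample input, deliberately out of order and partly malformed.
SAMPLE = [
    {"vm": "VD-017", "user": "alice", "kind": "file", "ts": "2019-10-18T09:01:02Z",
     "op": "MOVE", "src": r"C:\Finance\q3.xlsx", "dst": r"\\fileserver\share\q3.xlsx"},
    {"vm": "vd-017", "user": "alice", "kind": "login", "ts": "2019-10-18T08:59:50Z"},
    {"vm": "vd-017", "user": "alice", "kind": "file", "ts": "2019-10-18T09:01:02Z",
     "op": "move", "src": r"C:\Finance\q3.xlsx", "dst": r"\\fileserver\share\q3.xlsx"},
    {"vm": "vd-017", "user": "alice", "kind": "web", "ts": "2019-10-18T09:03:10Z",
     "url": "https://example.com/"},
    {"vm": "vd-017", "user": "alice", "kind": "chat", "text": "hi", "state": "sent"},
    {"vm": "vd-017", "user": "alice", "kind": "logout", "ts": "2019-10-18T09:30:00Z"},
    {"vm": "vd-017", "user": "alice", "kind": "application", "ts": "2019-10-18T09:31:00Z",
     "program": "notepad.exe", "window_title": "notes.txt - Notepad"},
    {"vm": "vd-022", "user": "bob", "kind": "login", "ts": "2019-10-18T09:00:00Z"},
    {"vm": "vd-022", "user": "bob", "kind": "chat", "ts": "2019-10-18T09:05:00Z",
     "text": "build is green", "state": "sent"},
]

if __name__ == "__main__":
    print(json.dumps(process(SAMPLE), indent=2))
```

Orphaned records are kept rather than dropped, since a behavior record with no matching login is itself worth an auditor's attention.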
In the behavior alarm module, different security policies are defined for the behaviors of different types of users (such as office staff, scientific research staff and financial business operators), and alarms are raised on sensitive and risky operations. Through the information query function, audit information can be searched across all fields and the result information can be customized, which allows operation behaviors to be located precisely, supports operation behavior analysis, and enables active behavior monitoring of high-risk users. Statistical charts for each behavior are displayed on a visual dashboard.
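The per-user-type alarm policies described above can be illustrated with a small rule evaluator run over normalized behavior records. This is an added example, not code from the patent: the rule format, rule identifiers, thresholds, group assignments and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def is_remote(path):
    """Treat UNC paths and URLs as remote destinations (assumption for this example)."""
    return path.startswith("\\\\") or "://" in path


# Hypothetical policies: one rule list per user type named in the text above.
# A rule fires when `count` matching events fall within `window` seconds for one user.
RULES = {
    "finance": [
        {"id": "FIN-1", "kind": "file", "ops": {"move", "save"},
         "remote_dst": True, "count": 1, "window": 0, "severity": "high"},
    ],
    "research": [
        {"id": "RES-1", "kind": "file", "ops": {"delete"},
         "remote_dst": False, "count": 10, "window": 60, "severity": "medium"},
    ],
    "office": [
        {"id": "OFF-1", "kind": "file", "ops": {"delete"},
         "remote_dst": False, "count": 3, "window": 60, "severity": "medium"},
    ],
}


def matches(rule, event):
    if event["kind"] != rule["kind"] or event.get("op") not in rule["ops"]:
        return False
    return not rule["remote_dst"] or is_remote(event.get("dst", ""))


def evaluate(events, group_of_user, rules):
    """Return alerts in time order; users without a group have no rules applied."""
    recent = defaultdict(deque)  # (rule id, user) -> timestamps of recent matches
    alerts = []
    for event in sorted(events, key=lambda e: e["ts"]):
        group = group_of_user.get(event["user"])
        for rule in rules.get(group, []):
            if not matches(rule, event):
                continue
            window = recent[(rule["id"], event["user"])]
            window.append(event["ts"])
            while window and event["ts"] - window[0] > rule["window"]:
                window.popleft()
            if len(window) >= rule["count"]:
                alerts.append({"rule": rule["id"], "user": event["user"],
                               "ts": event["ts"], "severity": rule["severity"]})
                window.clear()  # one alert per burst, then start counting again
    return alerts


# Constructed sample data: user-to-type mapping and normalized behavior records.
GROUPS = {"alice": "finance", "bob": "research", "carol": "office"}
EVENTS = [
    {"user": "alice", "kind": "file", "op": "move", "ts": 1000,
     "src": r"C:\Finance\q3.xlsx", "dst": r"\\fileserver\share\q3.xlsx"},
    {"user": "bob", "kind": "file", "op": "move", "ts": 1005,
     "src": r"C:\Lab\run.csv", "dst": r"\\lab-nas\data\run.csv"},
    {"user": "alice", "kind": "file", "op": "save", "ts": 1100,
     "src": r"C:\Finance\q3.xlsx", "dst": r"C:\Finance\q3-final.xlsx"},
    {"user": "carol", "kind": "file", "op": "delete", "ts": 2000, "src": r"C:\Docs\a.docx"},
    {"user": "carol", "kind": "file", "op": "delete", "ts": 2010, "src": r"C:\Docs\b.docx"},
    {"user": "carol", "kind": "file", "op": "delete", "ts": 2020, "src": r"C:\Docs\c.docx"},
    {"user": "carol", "kind": "file", "op": "delete", "ts": 5000, "src": r"C:\Docs\d.docx"},
    {"user": "carol", "kind": "web", "ts": 5100, "url": "https://example.com/"},
]

if __name__ == "__main__":
    for alert in evaluate(EVENTS, GROUPS, RULES):
        print(alert)
```

The same move to a network share raises an alarm for the finance user but not for the research user, which is the point of keeping policies per user type.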
Those skilled in the art can understand the auditing system applicable to the cloud desktop behavior provided by the present invention as an embodiment of the auditing method applicable to the cloud desktop behavior provided by the present invention. That is, the auditing system applicable to the cloud desktop behavior can be realized by executing the step flow of the auditing method applicable to the cloud desktop behavior.
The auditing method suitable for the cloud desktop behavior provided by the invention comprises the following steps:
server-side predefinition step: predefining an audit strategy, providing comprehensive audit of user behaviors in the cloud platform, and acquiring predefined audit strategy information;
audit policy manager step: according to the predefined audit strategy information, virtualizing a cloud desktop, such as XenApp and Hua desktop; defining an audit strategy for an audit object (such as VMware View, a physical machine and the like); defining an effective period; and acquiring audit strategy definition result information;
information collection step: recording the operation behavior of the virtual machine user according to the audit strategy definition result information, for example, acquiring the user's behavior records by analyzing the Windows event log, the behavior records comprising file operations, application program operations, and internet browsing and operations; acquiring the user's chat information through an instant messaging agent; sending the recorded data to the distributed information collection middleware; and acquiring user behavior collection result information;
audit information data management step: according to the user behavior collection result information, using the distributed information collection audit record middleware to acquire the middleware information to be processed;
according to the middleware information to be processed, performing data cleaning, format conversion and session association on the recorded data, and acquiring the middleware data processing result information;
according to the middleware data processing result information, acquiring the result information to be displayed;
audit data monitoring and display step: acquiring audit data monitoring display result information according to the result information to be displayed.
The audit record middleware is the distributed information collection middleware for the audit records generated in the cloud platform server.
Preferably, the audit policy manager step includes:
a multi-dimensional configuration specifying step: specifying, along multiple dimensions, the virtual machine ID and the user, user events such as mouse and keyboard events, and the software objects operated by the user for recording, together with the recording time configuration and the user behavior screen recording configuration, and acquiring multi-dimensional configuration specified result information;
and acquiring audit strategy definition result information according to the predefined audit strategy information and the multi-dimensional configuration specified result information.
Preferably, the audit information data management step includes: an audit information data storage step: storing the middleware data processing result information into a distributed file database, and acquiring database storage result information;
according to the database storage result information, acquiring the result information to be displayed;
a dynamic capacity expansion step: dynamically expanding the data capacity of the distributed file database;
the distributed file database is capable of dumping or backing up data.
Preferably, the information collection step further comprises:
a screen recording step: taking snapshot records of the virtual graphics card's data at a set time interval, and deduplicating them.
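The screen recording step above (interval snapshots plus deduplication) can be illustrated with the following added example, which is not code from the patent. It assumes exact-match deduplication by SHA-256 and collapses only consecutive identical frames, so that a screen returning to an earlier state stays visible in the audit timeline; the function name, field names and sample frames are hypothetical.

```python
import hashlib

def dedup_snapshots(frames, interval_s):
    """frames: iterable of (timestamp_seconds, raw_bytes) in time order.

    Keeps at most one snapshot per interval and merges runs of identical
    consecutive frames into one entry with first_seen/last_seen, so the
    stored timeline still shows how long each screen state was visible.
    """
    kept, next_due = [], None
    for ts, data in frames:
        if next_due is not None and ts < next_due:
            continue                      # arrived before the next interval
        next_due = ts + interval_s
        digest = hashlib.sha256(data).hexdigest()
        if kept and kept[-1]["sha256"] == digest:
            kept[-1]["last_seen"] = ts    # same screen: extend the run
            kept[-1]["count"] += 1
        else:
            kept.append({"sha256": digest, "first_seen": ts,
                         "last_seen": ts, "count": 1, "data": data})
    return kept

# Constructed sample: byte strings stand in for captured frame buffers.
FRAMES = [(0, b"desktop"), (2, b"desktop"), (5, b"desktop"),
          (10, b"editor"), (15, b"desktop"), (20, b"desktop")]

if __name__ == "__main__":
    for entry in dedup_snapshots(FRAMES, interval_s=5):
        print(entry["first_seen"], entry["last_seen"], entry["count"])
```

Storing the first and last timestamps with each retained frame keeps the record reconstructable even though the duplicate images themselves are discarded.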
Specifically, in one embodiment, a method for auditing cloud desktop behavior includes the following steps:
Step one, a user can identify various virtualization objects through the system platform, search all managed virtualized desktops, and group the virtualized desktops.
Step two, the audit policy manager in the system can define various behavior audit items and combinations thereof for the virtual desktop, can flexibly apply the policy to virtual desktops and virtual desktop groups, and can define an effective period.
Step three, the system collects the user's operation behavior information on the virtual desktop according to the predefined policy through an information collection module installed on the cloud desktop client, and then sends the recorded data to the distributed information collection middleware.
Step four, the distributed information collection middleware cleans, filters and converts the recorded data, associates it with sessions, and then stores it in order in a distributed file database.
Step five, the behavior information is monitored in real time through the configuration of the behavior alarm module; through the information query tool, the audit information can be searched across all fields and the result information can be customized; the statistical data can be displayed according to the user's requirements through the configuration of the information dashboard.
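Steps two to four can be sketched as the following added example, which is not code from the patent: collected records are cleaned and converted to one format, associated with sessions, and kept only when an audit policy with a matching virtual machine, user, event type and effective period covers them. The record fields, the AuditPolicy shape and the use of logon/logoff events as session boundaries are assumptions; the patent does not define them.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class AuditPolicy:
    # Hypothetical shape: the patent names these dimensions but no schema.
    vm_id: str
    user: str
    event_types: frozenset
    valid_from: datetime   # start of the effective period
    valid_to: datetime     # end of the effective period

    def covers(self, rec):
        return (rec["vm_id"] == self.vm_id and rec["user"] == self.user
                and rec["type"] in self.event_types
                and self.valid_from <= rec["ts"] <= self.valid_to)

def clean(raw):
    """Cleaning + format conversion: normalise fields, reject malformed input."""
    try:
        return {"vm_id": raw["vm"].strip().lower(),
                "user": raw["user"].strip().lower(),
                "type": raw["type"].strip().lower(),
                "detail": raw.get("detail", ""),
                "ts": datetime.fromisoformat(raw["ts"])}  # assumes naive UTC
    except (KeyError, ValueError, TypeError, AttributeError):
        return None

def process(raw_records, policies):
    """Return policy-covered records in time order, each tagged with a session."""
    cleaned = sorted(filter(None, map(clean, raw_records)), key=lambda r: r["ts"])
    open_sessions, counter, out = {}, 0, []
    for rec in cleaned:
        key = (rec["vm_id"], rec["user"])
        if rec["type"] == "logon":            # assumed session boundary
            counter += 1
            open_sessions[key] = f"s{counter}"
        session = open_sessions.get(key)      # None = no logon seen (orphan)
        if rec["type"] == "logoff":
            open_sessions.pop(key, None)
        if any(p.covers(rec) for p in policies):
            out.append({**rec, "session": session})
    return out

# Constructed sample input, not taken from the patent.
SAMPLE = [
    {"vm": "VM-01", "user": "alice", "type": "logon", "ts": "2019-10-18T09:00:00"},
    {"vm": "VM-01", "user": "alice", "type": "file", "detail": "open report.docx", "ts": "2019-10-18T09:05:00"},
    {"vm": "vm-01 ", "user": "Alice", "type": "FILE", "detail": "copy report.docx", "ts": "2019-10-18T09:06:00"},
    {"vm": "VM-01", "user": "alice", "type": "file", "ts": "not-a-time"},
    {"vm": "VM-01", "user": "alice", "type": "logoff", "ts": "2019-10-18T10:00:00"},
    {"vm": "VM-01", "user": "alice", "type": "logon", "ts": "2019-10-18T13:00:00"},
    {"vm": "VM-01", "user": "alice", "type": "browse", "detail": "http://example.test/", "ts": "2019-10-18T13:02:00"},
    {"vm": "VM-01", "user": "alice", "type": "file", "detail": "delete tmp.txt", "ts": "2019-10-19T08:00:00"},
]
POLICY = AuditPolicy("vm-01", "alice", frozenset({"file", "browse"}),
                     datetime(2019, 10, 18), datetime(2019, 10, 18, 23, 59, 59))
```

A covered record that arrives with no preceding logon is kept with a session of None rather than dropped, so gaps in collection show up in the stored audit data.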
Those skilled in the art will appreciate that, in addition to implementing the system and its various devices, modules, units provided by the present invention as pure computer readable program code, the system and its various devices, modules, units provided by the present invention can be fully implemented by logically programming method steps in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system and various devices, modules and units thereof provided by the invention can be regarded as a hardware component, and the devices, modules and units included in the system for realizing various functions can also be regarded as structures in the hardware component; means, modules, units for performing the various functions may also be regarded as structures within both software modules and hardware components for performing the method.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.

Claims (10)

1. An audit system suitable for cloud desktop behavior, comprising:
the software deployment predefined module: predefining an audit strategy, providing comprehensive audit of user behaviors in the cloud platform, and acquiring predefined audit strategy information;
an audit policy manager module: virtualizing the cloud desktop according to predefined audit strategy information, defining an audit strategy of an audit object, defining an effective period, and acquiring audit strategy definition result information;
an information collection module: recording the user operation behavior of the virtual machine according to the auditing strategy definition result information, sending the recorded data to the distributed information collection middleware, and acquiring user behavior collection result information;
an audit information data management module: according to the user behavior collection result information, using the distributed information collection audit record middleware to acquire the middleware information to be processed;
according to the middleware information to be processed, performing data cleaning, format conversion and session association on the recorded data, and acquiring the middleware data processing result information;
according to the middleware data processing result information, obtaining result information to be displayed;
audit data monitoring display module: acquiring audit data monitoring display result information according to the to-be-displayed result information;
the audit record middleware is distributed information collection middleware for the audit record generated in the cloud platform server.
2. The auditing system for cloud desktop behavior of claim 1, wherein the audit policy manager module comprises:
a multi-dimensional configuration specifying module: specifying, along multiple dimensions, the virtual machine ID, the user, user events and the software objects operated by the user for recording, together with the recording time configuration and the user behavior screen recording configuration, and acquiring multi-dimensional configuration specified result information;
and acquiring audit strategy definition result information according to the predefined audit strategy information and the multi-dimensional configuration specified result information.
3. The auditing system suitable for cloud desktop behavior of claim 1, wherein the audit information data management module comprises:
an audit information data storage module: storing the middleware data processing result information into a distributed file database according to the middleware data processing result information, and acquiring database storage result information;
according to the database storage result information, acquiring the result information to be displayed;
a dynamic capacity expansion module: dynamically expanding the data capacity of the distributed file database;
the distributed file database is capable of dumping or backing up data.
4. The auditing system for cloud desktop behavior of claim 2, wherein the information collection module further comprises:
a screen recording module: taking snapshot records of the virtual graphics card's data at a set time interval, and deduplicating them.
5. The auditing system suitable for cloud desktop behavior of claim 1, wherein the audit data monitoring display module further comprises:
a visual alarm module: according to the audit data monitoring display result information and visual alarm configuration information, acquiring visual alarm policy control information;
a full-field retrieval module: according to the audit data monitoring display result information, running a full-field audit information search engine and acquiring full-field retrieval result information;
a customized statistical information dashboard module: according to the audit data monitoring display result information, customizing a statistical information dashboard and acquiring customized statistical information dashboard information;
the visual alarm policy control information indicates visual alarm behavior.
6. An auditing method applicable to cloud desktop behavior is characterized by comprising the following steps:
the software deployment predefined method comprises the following steps: predefining an audit strategy, providing comprehensive audit of user behaviors in the cloud platform, and acquiring predefined audit strategy information;
the auditing strategy manager method comprises the following steps: virtualizing the cloud desktop according to predefined audit strategy information, defining an audit strategy of an audit object, defining an effective period, and acquiring audit strategy definition result information;
the information collection method comprises the following steps: recording the user operation behavior of the virtual machine according to the auditing strategy definition result information, sending the recorded data to the distributed information collection middleware, and acquiring user behavior collection result information;
the audit information data management method comprises the following steps: according to the user behavior collection result information, using the distributed information collection audit record middleware to acquire the middleware information to be processed;
according to the middleware information to be processed, performing data cleaning, format conversion and session association on the recorded data, and acquiring the middleware data processing result information;
according to the middleware data processing result information, obtaining result information to be displayed;
audit data monitoring display module: acquiring audit data monitoring display result information according to the to-be-displayed result information;
the audit record middleware is distributed information collection middleware for the audit record generated in the cloud platform server.
7. The auditing method for cloud desktop behavior according to claim 6, wherein the auditing policy manager method comprises:
the multi-dimensional configuration specifying method comprises the following steps: specifying, along multiple dimensions, the virtual machine ID, the user, user events and the software objects operated by the user for recording, together with the recording time configuration and the user behavior screen recording configuration, and acquiring multi-dimensional configuration specified result information;
and acquiring audit strategy definition result information according to the predefined audit strategy information and the multi-dimensional configuration specified result information.
8. The auditing method suitable for cloud desktop behavior according to claim 6, wherein the auditing information data management method comprises:
the audit information data storage method comprises the following steps: storing the middleware data processing result information into a distributed file database according to the middleware data processing result information, and acquiring database storage result information;
according to the database storage result information, acquiring the result information to be displayed;
the dynamic capacity expansion method comprises the following steps: dynamically expanding the data capacity of the distributed file database;
the distributed file database is capable of dumping or backing up data.
9. The auditing method for cloud desktop behavior according to claim 7, wherein the information gathering method further comprises:
the screen recording method comprises the following steps: taking snapshot records of the virtual graphics card's data at a set time interval, and deduplicating them.
10. The auditing method suitable for cloud desktop behavior according to claim 6, wherein the auditing data monitoring display method further comprises:
the visual alarm method comprises the following steps: according to the audit data monitoring display result information and visual alarm configuration information, acquiring visual alarm policy control information;
the full-field retrieval method comprises the following steps: according to the audit data monitoring display result information, running a full-field audit information search engine and acquiring full-field retrieval result information;
the customized statistical information dashboard method comprises the following steps: according to the audit data monitoring display result information, customizing a statistical information dashboard and acquiring customized statistical information dashboard information;
the visual alarm policy control information indicates visual alarm behavior.
CN201910995185.7A 2019-10-18 2019-10-18 Auditing system and method suitable for cloud desktop behaviors Active CN110719334B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910995185.7A CN110719334B (en) 2019-10-18 2019-10-18 Auditing system and method suitable for cloud desktop behaviors

Publications (2)

Publication Number Publication Date
CN110719334A CN110719334A (en) 2020-01-21
CN110719334B true CN110719334B (en) 2021-10-26

Family

ID=69212841

Country Status (1)

Country Link
CN (1) CN110719334B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant