WO2004051929A1 - Audit platform system for application process based on components - Google Patents

Audit platform system for application process based on components

Info

Publication number: WO2004051929A1
Application number: PCT/CN2003/001027
Authority: WO (WIPO, PCT)
Prior art keywords: audit, application, business, security, information
Priority date: 2002-12-03
Filing date: 2003-12-01
Publication date: 2004-06-17
Other languages: English (en), Chinese (zh)
Inventors: Jun Lv, Weiqi Li, Weishen Xue
Original assignee: Nanjing Golden Eagle International Group Software System Co., Ltd.
Priority to: AU2003289636A

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L43/00 Arrangements for monitoring or testing data switching networks > H04L43/06 Generation of reports
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L43/00 Arrangements for monitoring or testing data switching networks > H04L43/12 Network monitoring probes

Definitions

  • the invention is an audit platform system directed at tracking and monitoring the operation of computer information systems in various industries, and in particular at the real-time scanning, processing and auditing of the trace information left by the various behaviours that occur while such systems operate.
  • the platform system belongs to the field of computer information security prevention technology.
  • Firewall technology. This is an important security technology developed in recent years. It is characterised by checking network communication at the network entry point and by mediating communication between the internal and external networks according to the security rules set by the customer, on the premise of protecting the security of the internal network.
  • Virus protection technology. Viruses have always been one of the main problems of information system security. Virus protection technology is characterised by preventing the spread of viruses, checking for and removing viruses, upgrading virus databases, and installing scanning software for Java and ActiveX controls on firewalls, proxy servers and PCs; unauthorised download and installation of controls is prohibited.
  • Intrusion detection technology. The intrusion detection system is a new type of network security technology that has appeared in recent years. It can be divided into host-based and network-based systems. Its purpose is to provide real-time intrusion detection and to take corresponding protective measures, such as recording evidence for tracking and recovery, or disconnecting network connections. It is characterised by protocol analysis and detection capabilities, complete security, accuracy and integrity, anti-spoofing capabilities, and
  • Security scanning technology. Security scanning also comes in server-based and network-based forms, and when it cooperates with firewalls and security monitoring systems it can greatly improve network security. The server-based scanner mainly scans for security vulnerabilities related to the server and proposes corresponding solutions, while the network-based scanner scans the servers, routers, bridges, switches, access servers, firewalls and other devices in the network for security vulnerabilities and can be set to simulate attacks in order to test the defensive capabilities of the system.
  • E-mail system security technology. This technology guarantees the security of e-mail.
  • Operating system security technology. Many kinds of operating systems are usually run in an information network; the technologies involved include access control, security policies, data integrity and auditing.
  • the purpose of the present invention is to propose a component-based application process audit platform system that uses information technology as the means to audit the application systems, application processes and application results of specific industries for security and for the reasonableness of their processes.
  • the component-based application process audit platform system of the present invention includes a known computer system and further includes:
  • a data collection agent (Agent), installed in the user's business application environment and connected to the control server, which manages the download of the user's business audit rule configuration information and component packages and schedules and manages the data probes (Probe); the Agent provides the component management and scheduling function for the data probes;
  • a data probe (Probe), installed on the data collection node, which is component-based, collects data according to the user's configuration and uploads it to the control server in real time;
  • a control server, installed on an independent system and managed by the internal control department, which provides management of the rule configuration library and the component library and dynamically calls the various data analysers, data miners and other auxiliary component function packages for data analysis and mining; the control server includes:
  • a business database storing the audit record data collected by the probes, filtered by the filter and formatted;
  • an audit rule base that defines the probe data collection strategies, the real-time analyser's filtering and analysis strategies, and how the post-mortem data analysis tools work;
  • a graphical user console for users to configure rules and view reports and other related information.
  • the above user business application environment is a computer business information system of any of various industries.
  • the data probes include server probes for monitoring application servers, network probes for monitoring networks, database probes for monitoring databases, application probes for monitoring application software, and application-layer probes for monitoring business processes, etc.
  • the platform uses an ORB and complies with the CORBA specification. It uses faceted description to describe application components and adopts library management and automatic release technology. Based on the domain engineering method, the platform establishes a domain audit component library and uses reusable software components as building blocks to assemble the audit data collection, analysis and reporting functions. On the Agent side, the platform uses network-transparent interception to intercept the various data packets on the network and analyses and processes the various log records of system activity. On the Control Server side, the information is collected, analysed and processed by means of application process audit; the specific activity characteristics implied in the system activity information are identified and extracted, and existing and potential violations are identified.
  • in operation, the data collection agent installed in the existing business application environment downloads the user's business audit rule configuration information and component packages, starts the data probes, and completes the scheduling and management of the probes; the probes, scheduled according to the user's configuration, collect data and upload it to the control server in real time; the control server filters, formats and stores the probe data in the business database and analyses it according to the probe data collection strategy, the real-time analyser's filtering and analysis strategy, and the post-mortem data analysis tool definitions in the audit rule base.
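The operating cycle in the bullets above, shown as an added, self-contained Python sketch. It is not code from the patent or from Nanjing Golden Eagle: the event layout, the three rule kinds (withdrawal threshold, business hours, per-operator frequency), the sample teller and database traces, and the HMAC tag the Agent checks on the downloaded rule configuration are all assumptions made for the example. The last one is there because the patent says the Agent downloads rule configuration and component packages but does not say how it authenticates them, and an unauthenticated rule base lets whoever controls the download path switch the audit off.

```python
# Added example, not the patent's code. Names, record layouts, rule kinds, the sample traces
# and the HMAC check on the downloaded configuration are all assumptions made for illustration.
import hashlib
import hmac
import json

SHARED_KEY = b"example-shared-key"  # assumed key shared by control server and Agent

RULE_BASE = {  # probe collection strategy, real-time filter, real-time analysis strategy
    "collect": {"app": ["deposit", "withdraw"], "db": ["update", "heartbeat"]},
    "filter": {"drop": ["heartbeat"]},
    "analyze": [
        {"id": "R1", "kind": "threshold", "event": "withdraw", "field": "amount", "max": 50000},
        {"id": "R2", "kind": "hours", "start": 8, "end": 18},
        {"id": "R3", "kind": "frequency", "event": "withdraw", "per_operator_max": 2},
    ],
}
APP_EVENTS = [  # what a teller-application probe would see
    {"event": "deposit", "operator": "t01", "amount": 1200, "hour": 9},
    {"event": "withdraw", "operator": "t01", "amount": 80000, "hour": 10},  # over limit (R1)
    {"event": "withdraw", "operator": "t02", "amount": 500, "hour": 22},  # after hours (R2)
    {"event": "withdraw", "operator": "t02", "amount": 300, "hour": 11},
    {"event": "withdraw", "operator": "t02", "amount": 200, "hour": 12},  # third by t02 (R3)
    {"event": "balance", "operator": "t03", "amount": 0, "hour": 13},  # not in the strategy
]
DB_EVENTS = [  # what a database probe would see
    {"event": "heartbeat", "operator": "dbmon", "amount": 0, "hour": 9},  # dropped by filter
    {"event": "update", "operator": "dba1", "amount": 0, "hour": 3},  # after hours (R2)
]

def sign_config(config, key=SHARED_KEY):
    """Control server: serialise the rule base and attach an HMAC-SHA256 tag."""
    body = json.dumps(config, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def verify_config(signed, key=SHARED_KEY):
    """Agent: load the downloaded rule base only if the tag verifies."""
    expected = hmac.new(key, signed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        raise ValueError("rule configuration failed integrity check")
    return json.loads(signed["body"])

class ControlServer:
    def __init__(self, rules):
        self.rules, self.business_db, self.alerts, self._counts = rules, [], [], {}

    def receive(self, record):
        if record["event"] in self.rules["filter"]["drop"]:
            return None  # real-time filter: neither stored nor analysed
        row = {"probe": record["probe"], "event": record["event"], "operator": record["operator"],
               "amount": float(record["amount"]), "hour": int(record["hour"])}  # formatted
        self.business_db.append(row)
        self.alerts.extend(self._analyze(row))
        return row

    def _analyze(self, r):
        fired = []
        for rule in self.rules["analyze"]:
            kind = rule["kind"]
            if kind == "threshold" and r["event"] == rule["event"] and r[rule["field"]] > rule["max"]:
                fired.append((rule["id"], r))
            elif kind == "hours" and not rule["start"] <= r["hour"] < rule["end"]:
                fired.append((rule["id"], r))
            elif kind == "frequency" and r["event"] == rule["event"]:
                n = self._counts[r["operator"]] = self._counts.get(r["operator"], 0) + 1
                if n > rule["per_operator_max"]:
                    fired.append((rule["id"], r))
        return fired

    def post_mortem_report(self):
        totals = {}  # post-event tool over stored records: totals per operator
        for r in self.business_db:
            per_op = totals.setdefault(r["operator"], {"deposit": 0.0, "withdraw": 0.0})
            if r["event"] in per_op:
                per_op[r["event"]] += r["amount"]
        return totals

class Agent:
    def __init__(self, server):
        self.server, self.rules, self.probes = server, verify_config(sign_config(server.rules)), {}

    def schedule(self, name, source):
        self.probes[name] = source  # probe name -> the data source it watches

    def run(self):
        """Each probe collects only the event types its strategy names and uploads them."""
        uploaded = 0
        for name, source in self.probes.items():
            for e in source:
                if e["event"] in self.rules["collect"][name] and self.server.receive(dict(e, probe=name)):
                    uploaded += 1
        return uploaded

def run_audit(sources=None):
    server = ControlServer(RULE_BASE)
    agent = Agent(server)
    for name, source in (sources or {"app": APP_EVENTS, "db": DB_EVENTS}).items():
        agent.schedule(name, source)
    agent.run()
    return server
```

Running run_audit() stores six formatted records (the balance query is outside the collection strategy and the heartbeat is dropped by the filter), raises four alerts in upload order (R1, R2, R3, R2), and post_mortem_report() gives the per-operator totals a post-event tool would start from. The probes, the filter and the analysers are all driven by the one rule base, which is the configurable, industry-neutral core the patent claims; the frequency rule also shows why the real-time analyser needs state across records, not just a per-record match.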
  • the present invention is a security audit platform for specific business process applications. It comprehensively applies component technology, security management and security architecture technology, and security audit, intrusion detection and early warning technology; adopts the application process audit method; and provides a common platform for applying security audit in a given field, introducing security audit based on business rules into the security management system and providing auditors with complete in-event and post-event system audit tools. The flexibility and composability provided by componentisation, rule configuration and the knowledge base guarantee the conditions for adapting to the wide variety of industry applications, and the openness and scalability of the component library, audit rule database and knowledge management database provide the technical support for adapting to the changing development of different industry applications.
  • through in-process audits at each level of the information system (application system, database, operating system, network), the present invention performs real-time and quasi-real-time scanning, analysis and early warning on the trace information left by the various internal and external behaviour processes that occur while the business system operates. Violations and suspicious events can therefore be found in time, and computer crime can be prevented and eliminated at its root, ensuring the security of the information system.
  • compared with the various post-mortem monitoring systems currently used by commercial banks, which fall within the scope of post-mortem audit, it has obvious distinguishing characteristics and constitutes substantial progress.
  • general network security audit, by contrast, concerns the basic software systems in the business process (operating systems, databases and other non-business systems) and common user behaviours; it audits according to general rules and does not care about the characteristics and behaviours of a specific business, only about common network behaviours (such as illegal browsing of web management objects, sending E-mail, FTP, shared files, etc.) and whether they endanger the basic network. Its users are network administrators, who manage only the bearer network and are not concerned with the specific business.
  • application process audit performs content filtering and rule matching and focuses on the business applications themselves; its users are the business auditors; it targets domain applications through componentised and modular building blocks that are suitable for all industries.
  • FIG. 1 is a schematic diagram of the system structure according to the first embodiment of the present invention.
  • FIG. 2 is a topology diagram of the first embodiment of FIG. 1.
  • FIG. 3 is a schematic diagram of the application environment of a bank deposit and withdrawal service in Embodiment 1.
  • FIG. 4 is a schematic diagram of the decomposition of the bank deposit and withdrawal business process in Embodiment 1.
  • FIG. 5 is a schematic diagram of the topology according to a second embodiment of the present invention.

Detailed description
  • This embodiment is a component-based application process audit platform system applied to a large-scale financial network system. Its basic structure is shown in the figure and is composed of the following main parts:
  • Control Server: installed on an independent operating system, it provides management of the rule configuration library and the component library and dynamically calls the various data analysers, data miners and other auxiliary component function packages for data analysis and mining, including:
  • a business database storing the audit record data collected by the probes, filtered by the filter and formatted;
  • an audit component library, including management of probe component deployment and automatic component generation tools, with which users can easily extend the system to meet the complexity and variability of the application system;
  • an audit rule library that defines the probe data collection strategies, the real-time analyser's filtering and analysis strategies, and how the post-mortem data analysis tools work;
  • a visual user console for users to configure rules and view reports and other related information.
  • Data collection agent: installed on the central server cluster of the existing large financial network system, the data collection agent (Agent) provides a component-based operation management support platform for the data collection probes. After the Agent is installed, all data collection probe components and data collection rule configuration information are configured and deployed centrally in the user console and distributed to the data collection agents. The operating systems supported by the Agent are UNIX, SCO UNIX, UnixWare, Windows 98/NT/2000/XP, etc. All data collection agents are connected to the independent information audit control server.
  • Control server: installed on an independent server, it is the core of the entire system and completes the filtering, formatting, storage, analysis and alarm functions for the audit data. The database server that stores the audit data may be under heavy data load, so it can be either a stand-alone server or merged with the control server.
  • User Console: a visual graphical user terminal for users to configure rules and view reports and other related information. All management is performed on the user console.
  • the bank deposit and withdrawal service is taken as an example to describe specifically how the system of this embodiment works.
  • the application environment of the complete bank deposit and withdrawal service in this example is shown in FIG. 3, and the decomposition of the business process is shown in FIG. 4.
  • the component-based application process audit platform system of this embodiment works through the following key domain element pairs:

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to an audit platform system for tracking and/or monitoring the operation of computer information systems in various fields, belonging to the field of computer information security technology. The main components of the system comprise a data collection agent connected to a control server and comprising probes, and a control server acting on the data collection agent and comprising a business database, a real-time analyser, a post-mortem data analysis tool, an auto-publishing tool, an audit policy library, an audit knowledge management library and user consoles. The invention is characterised by real-time or near-real-time scanning, analysis and early warning of the trace information left by the various internal and external behaviour processes at each layer of the business system while the business system operates.
PCT/CN2003/001027 2002-12-03 2003-12-01 Audit platform system for application process based on components WO2004051929A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003289636A AU2003289636A1 (en) 2002-12-03 2003-12-01 Audit platform system for application process based on components

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN02148414.7 2002-12-03
CN 02148414 CN1417690A (zh) 2002-12-03 2002-12-03 Component-based application process audit platform system

Publications (1)

Publication Number Publication Date
WO2004051929A1 true WO2004051929A1 (fr) 2004-06-17

Family

ID=4751405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2003/001027 WO2004051929A1 (fr) 2002-12-03 2003-12-01 Audit platform system for application process based on components

Country Status (3)

Country Link
CN (1) CN1417690A (fr)
AU (1) AU2003289636A1 (fr)
WO (1) WO2004051929A1 (fr)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100359495C (zh) * 2003-09-04 2008-01-02 上海格尔软件股份有限公司 Data-warehouse-based information security audit method
CN1321509C (zh) * 2004-02-19 2007-06-13 上海复旦光华信息科技股份有限公司 Mapping-table-based general security audit policy customisation method
CN100456692C (zh) * 2004-10-29 2009-01-28 北京航空航天大学 Extensible broad-spectrum security scanning and analysis system and method of use
SG138498A1 (en) * 2006-06-29 2008-01-28 Nanyang Polytechnic Configurable multi-lingual advisory system and method thereof
US8028048B2 (en) * 2007-02-27 2011-09-27 International Business Machines Corporation Method and apparatus for policy-based provisioning in a virtualized service delivery environment
CN101426008B (zh) * 2007-10-30 2011-06-22 北京启明星辰信息技术股份有限公司 Echo-based audit method and system
CN101562534B (zh) * 2009-05-26 2011-12-14 中山大学 Network behaviour analysis system
CN102411561A (zh) * 2010-09-21 2012-04-11 上海众融信息技术有限公司 Information processing method for dynamic generation and preview of financial service reports
TWI492171B (zh) * 2012-09-13 2015-07-11 Trustview Holding Ltd System and method for automatically generating audit reports for customer data processing devices
CN104392297A (zh) * 2014-10-27 2015-03-04 普元信息技术股份有限公司 Method and system for detecting non-business-process violations in a big data environment
CN105306460A (zh) * 2015-10-13 2016-02-03 国家电网公司 Unified vulnerability patch management system
CN108475220B (zh) * 2016-03-31 2021-11-02 甲骨文国际公司 System and method for integrating a transaction middleware platform with a centralised audit framework
CN107659539A (zh) * 2016-07-26 2018-02-02 中国电信股份有限公司 Security audit method and apparatus
CN109635267A (zh) * 2018-12-27 2019-04-16 广东电网有限责任公司 Method and apparatus for generating a pre-audit investigation report
CN112925663B (zh) * 2021-03-25 2024-06-14 支付宝(杭州)信息技术有限公司 Method and apparatus for computing business data
CN115185790B (zh) * 2022-09-09 2022-12-27 北京中科江南信息技术股份有限公司 Data monitoring method and device for auditing business software

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025214A1 (fr) * 1998-10-28 2000-05-04 Crosslogix, Inc. Maintaining security in a distributed computer network
WO2002014988A2 (fr) * 2000-08-18 2002-02-21 Camelot Information Technologies Ltd. Security policy method and apparatus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110023084A1 (en) * 2006-10-11 2011-01-27 Kraemer Jeffrey A Protection of computer resources
US8225373B2 (en) * 2006-10-11 2012-07-17 Cisco Technology, Inc. Protection of computer resources

Also Published As

Publication number Publication date
CN1417690A (zh) 2003-05-14
AU2003289636A1 (en) 2004-06-23

Legal Events

Date Code Title Description
AK Designated states. Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW
AL Designated countries for regional patents. Kind code of ref document: A1. Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG
121 Ep: the EPO has been informed by WIPO that EP was designated in this application
122 Ep: PCT application non-entry in European phase
NENP Non-entry into the national phase. Ref country code: JP
WWW WIPO information: withdrawn in national office. Country of ref document: JP