针对目前网络安全审计中存在网络日志数据分析的智能性不高及安全审计模型采用的集中式结构负担重等缺点,设计一种新的多Agent网络安全审计模型,并在该模型中引入一种改进的基于信息熵的攻击检测算法.在实际运行环境中,通过对DDoS等攻击行为进行模拟和成功检测,证明该改进模型能够有效审计部分网络入侵,提高安全审计效率和日志数据分析的智能性.%On the basis of the current audit system which is not intelligent in analyzing log data and the heavy burden disadvantage caused by its centralized architecmre,a model of multi-agent network security audit in LAN is proposed.At the same time,an improved information entropy detection algorithm is applied into network attack agent of the model.In practical conditions, the DoS attack is simulated to invade a host in LAN which can be detected and defended successfully in time.The result shows that the model can effectively audit part of the intrusion and also improve audit effieiency and log data analysis intelligence.
展开▼
