| 基于宽带接入服务器的分布式安全审计系统 |
| |
| 引用本文: | 苟先太,金炜东.基于宽带接入服务器的分布式安全审计系统[J].西南交通大学学报,2004,39(6):764-767. |
| |
| 作者姓名: | 苟先太 金炜东 |
| |
| 作者单位: | 西南交通大学电气工程学院,四川,成都,610031 |
| |
| 基金项目: | 感谢四川迈普数据通信公司对该项目的大力支持. |
| |
| 摘 要: | 用宽带接入服务器(BAS)作为分布式审计代理实现城域网(MAN)上的主动式安全审计系统.提出一种新的硬件包过滤机制(HPF)以适合系统的需要.BAS上的路由转发机制从“一次路由,多次交换”改为“一次审计,多次通过”.采用基于时间推理机的算法完成对UDP访问的审计.系统在试验网络中进行了测试,显示了很好的审计处理性能。
|
| 关 键 词: | 城域网 安全审计 硬件包过滤 路由交换 |
| 文章编号: | 0258-2724(2004)06-0764-04 |
Distributed Security Auditing System Based on BAS |
| |
| GOU Xian-tai,JIN Wei-dong.Distributed Security Auditing System Based on BAS[J].Journal of Southwest Jiaotong University,2004,39(6):764-767. |
| |
| Authors: | GOU Xian-tai JIN Wei-dong |
| |
| Abstract: | A broadband access server (BAS) was used as auditing agent to implement a distributed security auditing system on metropolitan area network (DSASMAN). A new packet filter mechanism based on hardware packet filter (HPF) was proposed. The mechanism of routing and forwarding in BAS was modified from "route once, switch many"to "audit once, pass many". The algorithm based on time inductive machine was used to accomplish the auditing to UDP based accesses. The proposed auditing system has been implemented in an experimental routing switch that was used as a BAS and showed good auditing performances. |
| |
| Keywords: | metropolitan area network security auditing hardware packet filter routing switch |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
