Design and Implementation of an Audit System Based on Multi-Agent Technology
Abstract
Information system audit (ISA) is one of the important links in ensuring the security of information systems. As information systems evolve into large-scale distributed systems, the number of audit event types increases greatly, and traditional centralized auditing at a single layer can no longer meet the needs of information system development. At the same time, the volume of audit records is growing sharply: centralized audit analysis consumes excessive bandwidth and resources of the information system and seriously degrades the efficiency of application systems, and analyzing the event records places a heavy burden on administrators. As the business functions of an information system expand dynamically, the tightly coupled architecture of traditional audit systems has difficulty accommodating that expansion. Agents are characterized by autonomy, intelligence and cooperation, and an audit system based on multi-agent technology has unique advantages in solving complex, dynamic, distributed and intelligent system application problems. Researching agent technology and designing an audit system based on multiple agents is therefore a new approach and method.

Building on an in-depth study of information system audit technology and agent technology, and according to the requirements of information system audit and the characteristics of distributed information systems, this thesis proposes a design scheme for an audit system based on multi-agent technology and constructs an audit system architecture capable of distributed, multi-layer data collection and intelligent monitoring, with good flexibility and extensibility. A communication mechanism is designed that effectively solves the problem of dynamically updating the system's communication information. A cooperation mechanism is designed, with emphasis on a proposed cooperative reasoning algorithm, which realizes a scheme in which multiple agents cooperate to complete distributed audit analysis. This solves the problems of distributed storage of audit data and distributed audit analysis and avoids the bottleneck caused by transmitting large amounts of data over the network, while the time validation and goal function mechanisms given in the thesis ensure the correctness and real-time behavior of the cooperative reasoning. Finally, the thesis discusses the system's key technologies and their design methods in detail and implements the main functions of the audit system.