Journal of Computer Applications ›› 2005, Vol. 25 ›› Issue (04): 867-869.DOI: 10.3724/SP.J.1087.2005.0867
• Information security • Previous Articles Next Articles
CHEN Li-ming1,2,YU Yan1,2,HUANG Hao1,2
Online:
Published:
陈黎明1,2,俞研1,2,黄皓1,2
Abstract:
All kinds of system events are stored in logs. After a successful intrusion, the intruder will try to modify the logs to conceal the intrusion. A method for verifying and protecting log integrity was described to make all log entries generated prior to the logging system’s compromise impossible for the attacker to undetectably modify. A set of trusted log entries was provided to other programs when damages are made to log integrity.
Key words: log integrity, one-way hash, MAC
摘要:
通常入侵者在成功控制系统后会试图更改日志文件以消除入侵痕迹,隐藏入侵行为。为 了防止入侵者隐藏其入侵行为,提出了一个日志完整性检测方法,对日志的完整性进行检测,使得入 侵者不能不被发现地更改系统被其控制以前在日志文件中写入的记录,进而提供保护。并在日志完 整性受到破坏时,给出一个可信任日志记录集合以供其他程序使用。
关键词: 日志完整性, 单向哈希函数, 报文鉴别码
CLC Number:
TP309
CHEN Li-ming,YU Yan,HUANG Hao. Method for verifying log integrity[J]. Journal of Computer Applications, 2005, 25(04): 867-869.
陈黎明,俞研,黄皓. 一个日志完整性检测方法[J]. 计算机应用, 2005, 25(04): 867-869.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://www.joca.cn/EN/10.3724/SP.J.1087.2005.0867
http://www.joca.cn/EN/Y2005/V25/I04/867