Design and implementation of distributed security audit system

Security auditing is attracting more and more attention, but most distributed security audit systems are immature. First, the notion of a distributed security audit system is introduced. Then a distributed, multilayered security audit system based on data mining techniques is proposed. The design of the system's functionality and architecture is emphasized. Some important implementation techniques are also specified, including the XML log format, multi-string matching, fuzzy aggregation and association security rules. Detection efficiency and the ability to discover unknown attacks are improved, the security of the system is enhanced, and evaluation of the security level of the whole system becomes available.