Author(s)

Chen Chen, Rui Wang, Haiwei Li, Yijun Wang

Corresponding Author

Chen Chen

ABSTRACT

There are more and more attack that threaten the security of system application in the complex network environment. In this paper, a government website comprehensive protection system (G01) is proposed for government departments and important enterprise users to understand the weakness of their application systems. The government website comprehensive protection system (G01) is aimed at making timely and effective response against attacks from the network. Event description method in G01 is different from the previous alarm based attack log methods, which makes the attack more intuitive, clear and readable. Key technology points of backtracking attack event are detailed introduced, including the key technology of log acquisition, such as Interactive Application Security Test, Runtime Application Self-Protection, Kernel Reinforcement and Attack log analysis. G01 has high accuracy rate because it can collect logs at every step of an attack, in order to collect logs together and form security events. Attack log analysis algorithm adopted by this system determines the accuracy of the final event presentation.

KEYWORDS

Interactive Application Security Test Technology, Runtime Application Self-Protection Technology, Kernel Reinforcement Technology, Log Analysis, Backtracking Attack Event