基于正则表达式的协议行为审计技术研究

协议行为审计技术通过在线深度解析应用层协议来分析用户行为并进行审计，为人工分析监测网络安全事件提供依据，达到增强网络安全的目的。重点探讨了利用正则表达式进行协议行为解析的技术，并提出一个灵活、可扩展的协议行为审计技术框架。基于该技术框架实现了一个支持HTTP协议、SMB协议和TNS协议的协议行为审计系统，通过详细的实例介绍阐明了利用正则表达式进行协议行为解析技术在该系统中的运用过程。最后，该系统的测试结果验证了基于正则表达式的协议行为审计技术的有效性。

Research of Protocol Behavior Audit Technology Based on Regular Expressions

The users＇ behavior is analyzed and the audit is performed with the protocol behavior audit technology through the on-line analysis of the application layer protocol The evidence is provided for monitoring network security by the protocol behavior audit, which realizes the purpose of enhancing the network security. The technology of the protocol behavior analysis is discussed emphatically with the regular expressions. A technology framework of the flexible and scalable protocol behavior audit is proposed. Based on the technology framework, a protocol behavior audit system was implemented for auditing the HTTP protocol, SMB protocol and TNS protocol. The process of using the technology of protocol behavior analysis based on regular expressions in this system is elaborated through the introduction of the detailed example. The testing results of the system verify the effectiveness of the protocol behavior audit technology based on regular expressions.