The complexity of operating systems and communication networks has made it increasingly difficult to design reliable security protection mechanisms. As a result of insufficient security mechanisms, economic loss rises greatly. For a more secure system, we must remove system vulnerabilities, analyze audit logs efficiently, and prevent re-intrusion.
In this thesis, we attempted to answer the question of how best to support intruder investigation through the analysis of audit logs and to prevent intrusion in a real environment by correcting system vulnerabilities. We implemented the ILVA tool, which provides efficient audit-log analysis, and a global security vulnerability detector with a ThML document to adapt to specific real environments.
Finally, we emphasize that enhancing a system's security requires two things: a system monitoring tool, which monitors the behavior of users and the status of the system through audit analysis, and an integrated security vulnerability detector, to which new modules can easily be added.