- 學位論文
運用LZW壓縮技術於資訊軌跡即時稽核
Applying LZW Compression Technique in Real-Time Log Audit
摘要
當人類進入數位時代,E化技術改變了企業的交易型態、資料的儲存方式及報表產生的形式,加上產業的電子化、企業ERP系統導入的普及化,使得數位化資訊大幅增加。而稽核方式亦從傳統式稽核改變到倚賴IT技術的持續性稽核。資訊軌跡常用於異常分析與例外管理,或作為追溯作業流程與追蹤問題點的主要資料來源。透過log分析,可以了解企業流程控制是否完備,及發現系統是否遭非法入侵或資料被任意竄改。為確保log資料保存的安全性與保密性,並維持系統正常運作與良好的資訊品質,企業應強化其log資料安全管理與稽核的機制。目前有許多關於log稽核方式與應用或針對log資料壓縮之相關研究,但尚未發現有研究者針對壓縮後log之持續性稽核提出具體之研究方針與作法。基於以上動機,並為提高log資料存取的安全性與降低log稽核所需的時間與成本,同時為達到log即時稽核之目的,本研究結合資料壓縮的技術,運用Lempel-Ziv-Welch (LZW)字典式(dictionary-based)壓縮演算法,提出一套log壓縮與即時性稽核機制,透過系統建置與個案實作,以實際log資料執行結果驗證並評估此一機制應用之可行性與有效性。基於LZW壓縮法的無失真性,且對於重複性高的log紀錄可產生較佳的壓縮效果,因此可適用於壓縮後log資料之分析。本研究之系統設計提供使用者設定壓縮稽核參數之功能,使機制運作上更具彈性。當log紀錄產生時自動執行壓縮,並運用特徵樣式頻率規則同步偵測出可能為異常或例外的事件;透過持續監控方式及時發現問題點。本機制運用LZW字典式壓縮演算法將log紀錄壓縮編碼後儲存,於資料壓縮時同步執行異常偵測,不僅改變了log存取方式,提高log紀錄保存的安全性,同時降低資料儲存量,改善了龐大log資料量分析的效率。此外稽核人員自系統偵測出之可能異常或例外事件中快速發現問題點,可節省分析性程序執行的時間與人力,且僅需針對此範圍內之紀錄進一步調查,因此大幅縮小了證實性查核範圍,降低log稽核的複雜度與困難度,提高log稽核之效率。
並列摘要
With the continuous growth in electronic technologies and the wide use of Internet, business trading modes, data stored formats and reporting forms have changed and the number of digital information is substantially increasing. Also, auditing techniques have been shifting from the traditional method to IT-based continuous audit. For an enterprise, log management and log audit become increasingly important; nevertheless, auditing on tremendous data is relatively getting more and more difficult. Logs-analyzing can be used for discovering the business processes and for preventing from illegal intrusions or data tampering attacks. In order to secure data preservation and privacy at the same time to maintain a good system performance and information quality, enterprises need to strengthen their management of log data security and audit mechanism. Lempel-Ziv-Welch (LZW) compression algorithm is a simple and widely-applied compression method. It has better compression ratio if the data are high-redundancy. Therefore, this research develops a log compression and continuous audit mechanism combining with LZW compression technique to reach the dual purposes of compressing and auditing log entries; further to predict the potential unusual activities while compressing log data according to the pre-defined auditing rules. Through real-time and continuous monitoring, auditors can perceive instantly the most likely anomalies or exceptions. In addition, the research designs a user interface that allows auditors to define the compression and audit parameters, using real log cases in the experiment to verify the feasibility and the effectiveness of this audit mechanism. Briefly, this mechanism changes the way the log access, improving the efficiency of log analysis, and enhancing log security. Furthermore, the auditing job becomes simplified that auditors only need to trace the sources of problems of the detected anomaly events; therefore greatly reducing the time of analytical audit procedures and also saving the manual checking time, further improving log audit efficiency.
參考文獻
延伸閱讀
- 劉佑新(2017)。適用於毫米波多輸入多輸出通訊系統下以壓縮感知輔助之分層波束搜索與低複雜度預編碼器演算法設計〔碩士論文,國立臺灣大學〕。華藝線上圖書館。https://doi.org/10.6342/NTU201701069
- Lin, C. H. (2009). 在隨機存取感測網路中使用分散式訊號源編碼的效能分析 [master's thesis, National Tsing Hua University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0016-1111200916105962
- Huang, W. C. (2014). 基於低功耗動脈光容積描計法訊號調變與解調變晶片設計之可攜式生理監測系統實作 [master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2014.01057
- Hong, W. C. (2010). Improvement Techniques for Fast Segmentation and Compression for Boundary Information [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2010.00411
- Lee, J. M. (2011). Applying Dynamic Stubbing Technique to Support Collaborative Testing of Web Application [master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2011.00674