Abstract
This paper designs and implements a dynamic detection model for malicious web pages. By applying data mining to Capture-HPC honeypot logs, the model addresses the excessively high false-alarm rate of honeypot-based detection. The honeypot logs are converted into operation sequences and mining sequences, from which attribute feature information can be extracted effectively by cluster analysis and the black and white lists used as the basis for classification can be optimised. Experiments validate the soundness of the model design and the effectiveness of the model in reducing the false-alarm rate.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
PKU Core Journal (北大核心)
2013, Issue 5, pp. 1-3 (3 pages)
Funding
National Natural Science Foundation of China (61171173)
Keywords
Malicious web page
Honeypot log
Data mining
False-alarm rate