摘要
随着Web2.0技术的迅猛发展,网络安全变得更加突出。通过Web日志数据挖掘检测恶意攻击行为已经成为网络信息安全领域研究的一项重要技术,目前市场上的Web日志分析系统都是基于特征匹配来实现攻击行为检测的,虽然检测率较高,但对于新出现的或者尚未发现攻击特征的攻击类型无法识别。因此,深入研究从海量日志中挖掘恶意攻击行为技术有很强的理论意义与应用价值。论文深入研究了聚类算法中的距离定义以及异常度的定义,提出了一种有约束聚类的分簇方法,对Web日志中的HTTP请求进行分簇,最后利用统计学的思想,提出了一种近似正太分布的检测模型,并给出了基于孤立点异常度的Web攻击数据挖掘算法。通过实验验证表明,该算法能有效发现Web日志中的攻击数据,提高了检测率并降低了误报率。
With the rapid development of web2.0 technology,Web log analysis has become an important technology in net-work information security.Most web log analysis systems on the market are based on feature matching technology to achieve aggres-sive behavior detection.Although the feature matching technology has a high detection rate,it is difficult to detect the new type of at-tacks and the aggressive behavior which is not in the feature library.Therefore,the study of the digging aggressive behavior from massive web log has great practical significance and application value.This thesis studied the definition of isolated points and its sig-nificance for the attack on data mining,and studied the definition of distance and abnormality in clustering algorithms.Thesis pro-posed a constrained clustering method to classify the HTTP parameters.At last,with the help of the statistical thinking,thesis pro-posed a similar Normal Distribution model,and a mining algorithm based on the degree of abnormal outlier.After experimental veri-fication,this algorithm has already completed the task of aggressive data mining and has a higher detection rate and a lower false alarm rate as well.
作者
张路青
ZHANG Luqing(Office of Military Representatives in Elector-optical System of South Central China,Wuhan 430223)
出处
《舰船电子工程》
2018年第9期105-110,共6页
Ship Electronic Engineering
关键词
网络安全
WEB日志分析
数据挖掘
聚类分析
孤立点
network security
web log analysis
data mining
correlation analysis
cluster analysis
outlier
