摘要
为了提高日志分析是当前进行入侵检测和安全防御的重要手段。针对传统基于规则的分析方法中误报、漏报较高,应对海量日志分析效率过低的问题,该文章提出了一种基于深度学习的分布式安全日志分析方法,通过将深度学习算法与现有黑白名单、规则匹配以及统计策略等技术结合,进行日志分析,检测网络中的安全威胁。系统采用分布式的存储和计算平台,能够进行离线和实时两种日志分析模式,可以满足大多数场景下海量的日志数据分析需求。
Log analysis is an important means of intrusion detection and security defense. Aiming at the problem of low false positives and false negatives in traditional rule-based analysis methods, and dealing with the low efficiency of massive log analysis, this paper proposes a distributed security log analysis method based on deep learning. The method uses a deep learning algorithm combined with existing black and white lists, rule matching, and statistical strategies to perform log analysis and detect security threats in the network. The system adopts a distributed storage and computing platform, which can perform both offline and real-time log analysis modes, which can meet the needs of massive log data analysis in most scenarios.
作者
尹慧
花嵘
郭宁
尹韬
YIN Hui;HUA Rong;GUO Ning;YIN Tao(College of Computer Science and Engineerin,Shandong University of Science and Technolog,Qingdao 266510,China;Key Laboratory of Trustworthy Distributed Computing and Service(BUPT),Ministry of Education;College of Computer,Xi’an University of Posts&Telecommunications,Xi’an 710100,China)
出处
《软件》
2020年第3期272-277,共6页
Software
关键词
深度学习
分布式
日志分析
入侵检测
Deep learning
Distributed
Log analysis
Intrusion detection