
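Analysis and Implementation of Security Events Based on Web Log Mining

Published: 2018-07-03 14:40

Topic: Web logs + security events; Reference: Beijing University of Posts and Telecommunications, 2014 master's thesis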


[Abstract]: With the rapid development of the Internet, malicious attacks by "hackers" are rising quickly and pose a serious threat to the social and economic interests of Internet users. Many network attacks (such as SQL injection and cross-site scripting) leave access traces in Web logs. Traditional Web log security analysis is limited to extracting the attack records from the log and ignores the deeper correlations between attack behaviors. Web log mining, in turn, is mainly used to discover users' access behavior and patterns, and has rarely been aimed at the security events in Web logs. A single attacker's attack behavior usually consists of multiple attempts and is sequential, and the attack behaviors that different attackers share to some degree necessarily reflect security information about the website. Using Web log mining techniques, this thesis proposes, for the first time, mining the sequential patterns of attack behaviors in Web logs, and designs and implements a Web log security analysis system with this at its core. Based on a study of multiple types of network attack, it identifies the Web log fields that can be used for security analysis and the attack behaviors that can be captured by analyzing Web logs. Based on the characteristics of these attack behaviors, security events are captured from Web logs by rule matching and statistical analysis, an attack sequence database is built, and the PrefixSpan algorithm is used to mine it, yielding the sequential patterns of attack behavior. On the one hand, an attack sequence pattern reveals that most attackers carried out the attack steps corresponding to the pattern against the website; on the other hand, it shows that the website has the corresponding security vulnerabilities, which attackers have discovered and exploited. System validation shows that analyzing attack sequence patterns can effectively locate a website's security vulnerabilities, and thereby provide website administrators with targeted security…
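
The pipeline the abstract describes (rule matching to capture events, a per-attacker sequence database, PrefixSpan mining), as an added Python example that is not code from the thesis. The signature rules, the event names, the grouping by client IP and the sample log lines are all assumptions constructed here, and the statistical-analysis step is left out.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines, assumed to be in chronological order.
SAMPLE_LOG = """\
10.0.0.1 - - [03/Jul/2018:10:00:01 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 200 512
10.0.0.4 - - [03/Jul/2018:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.2 - - [03/Jul/2018:10:00:03 +0000] "GET /item?id=1%27+OR+1=1-- HTTP/1.1" 200 900
10.0.0.1 - - [03/Jul/2018:10:00:04 +0000] "GET /item?id=1%20UNION%20SELECT%20name,pw%20FROM%20users HTTP/1.1" 200 900
10.0.0.3 - - [03/Jul/2018:10:00:05 +0000] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 512
10.0.0.2 - - [03/Jul/2018:10:00:06 +0000] "GET /item?id=2+union+select+1,2 HTTP/1.1" 500 0
10.0.0.1 - - [03/Jul/2018:10:00:07 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 700
10.0.0.3 - - [03/Jul/2018:10:00:08 +0000] "GET /item?id=3%20UNION%20SELECT%20null HTTP/1.1" 200 900
10.0.0.2 - - [03/Jul/2018:10:00:09 +0000] "GET /search?q=%3Cimg+src=x+onerror=alert(1)%3E HTTP/1.1" 200 700
"""

# Hypothetical signature rules (not the thesis's rule set); the first match wins.
RULES = [
    ("TRAVERSAL", re.compile(r"\.\./|/etc/passwd")),
    ("SQLI", re.compile(r"(?i)union\s+select|\bor\s+1=1")),
    ("XSS", re.compile(r"(?i)<script|onerror\s*=")),
]
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]\n]+\] "\S+ (\S+) [^"\n]*" \d{3}', re.M)

def attack_sequences(log_text):
    """Map client IP -> ordered event types; consecutive repeats are collapsed."""
    seqs = defaultdict(list)
    for m in LINE.finditer(log_text):
        ip, url = m.group(1), unquote_plus(m.group(2))  # decode before matching
        event = next((name for name, rx in RULES if rx.search(url)), None)
        if event and (not seqs[ip] or seqs[ip][-1] != event):
            seqs[ip].append(event)
    return dict(seqs)

def prefixspan(db, min_support):
    """Return {pattern: support}; each step projects onto the suffix after the item's first hit."""
    results = {}
    def grow(prefix, projected):
        counts = Counter(item for seq in projected for item in set(seq))
        for item, sup in sorted(counts.items()):
            if sup >= min_support:
                results[prefix + (item,)] = sup
                grow(prefix + (item,), [s[s.index(item) + 1:] for s in projected if item in s])
    grow((), db)
    return results

if __name__ == "__main__":
    for pattern, sup in prefixspan(list(attack_sequences(SAMPLE_LOG).values()), 2).items():
        print(" -> ".join(pattern), sup)
```

A pattern such as TRAVERSAL followed by SQLI with support 2 means two distinct clients performed those steps in that order, which is the kind of shared sequence the abstract reads as a pointer to a weakness in the site.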
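[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08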
