Design of an Evidence Analysis System Based on the Apriori Algorithm
[Abstract]: With the development of computer and network technology, both play a growing role in people's lives and have become a necessary part of them. Although the rapid development of networks brings great convenience, network viruses, hacker intrusions and network attacks have had a serious negative effect on the security of people's property and personal information, and this has become an urgent problem. Network security is receiving more and more attention. Network forensics is an important part of network security, and evidence analysis is the most important step in the forensic process. This thesis therefore studies evidence analysis, applies an association rule mining algorithm to obtaining evidence, and designs and implements an evidence analysis system based on the Apriori algorithm. Finally, after iterative improvement, testing with simulated attacks gave satisfactory results. The contents of the thesis are summarized below.

(1) Drawing on current research in China and abroad and on the author's own circumstances, the thesis carries out background investigation and a requirements analysis for the system, fixes the research direction, and studies the related technologies, including Wireshark packet capture, MD5 data integrity verification and Web service technology.

(2) After studying data mining association rules in depth and gaining an understanding of association analysis, the thesis proposes an improvement to the traditional association rule method, the Apriori algorithm. The improved algorithm effectively alleviates the shortcomings of the traditional Apriori algorithm and analyzes the data quickly.

(3) The basic framework and the detailed internal workings of the system are designed on the basis of the requirements analysis. First comes the high-level design. The evidence analysis system based on the Apriori algorithm is divided into two subsystems, the client and the server. The client is responsible for collecting data and the server for analyzing it.

The client consists of user login, data collection, data storage, data upload and report download modules. The user login module verifies the user's identity from the user name and password entered. The data collection module collects data to support the evidence analysis; it mainly collects network packets and users' download records. The data storage module stores the data gathered by the collection module in the database, which both facilitates later analysis and preserves the evidence. The data upload module uploads the data to the Web service platform so that other users can call it directly. With the report download module, the evidence report is generated on the server side, and the user can download it on the client side and give feedback on the results.

The server consists of three functional modules: data view, data analysis and report generation. The data view module is mainly used to inspect the unprocessed data collected by the client. The data analysis module processes the raw data with various methods to obtain the necessary evidence. The thesis mainly uses the improved Apriori algorithm to analyze the data collected by the client and obtain evidence, for example detecting flood attacks and analyzing users' file download behavior. Once the evidence has been obtained, the report generation module presents it to the user in the form of a report. Finally, the database is designed, with data tables designed separately for the client and the server to ensure the integrity of data storage.

(4) After the requirements analysis and system design, the thesis implements the functions of the evidence analysis system based on the improved Apriori algorithm, using the C/S architecture model and VS2010 as the development software, and presents the code and the system interface. Finally, testing shows that the system can analyze correlations in the data efficiently and accurately, detect attacks and obtain the relevant evidence.
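The abstract names flood-attack detection by association mining over collected packets but does not describe the improved algorithm, so the following added example (not code from the thesis) runs the classic Apriori join and prune steps instead. The packet records, field names and thresholds are constructed for illustration.

```python
from itertools import combinations

def make_packets():
    """Constructed sample: one transaction of attribute=value items per packet."""
    flood = [{"proto=TCP", "flags=SYN", "dst=10.0.0.5", "dport=80"}] * 6
    normal = [
        {"proto=TCP", "flags=ACK", "dst=10.0.0.5", "dport=80"},
        {"proto=TCP", "flags=ACK", "dst=10.0.0.7", "dport=443"},
        {"proto=UDP", "flags=NONE", "dst=10.0.0.9", "dport=53"},
        {"proto=TCP", "flags=SYN", "dst=10.0.0.7", "dport=443"},
    ]
    return [frozenset(p) for p in flood + normal]

def apriori(transactions, min_support):
    """Classic Apriori: return {itemset: support} for every frequent itemset."""
    n = len(transactions)

    def support(itemset):
        return sum(1 for t in transactions if itemset <= t) / n

    singles = {frozenset([i]) for t in transactions for i in t}
    level = {c: s for c in singles if (s := support(c)) >= min_support}
    frequent, k = {}, 1
    while level:
        frequent.update(level)
        k += 1
        # Join: merge frequent (k-1)-itemsets into k-item candidates.
        cands = {a | b for a in level for b in level if len(a | b) == k}
        # Prune: drop candidates that have any infrequent (k-1)-subset.
        cands = {c for c in cands
                 if all(frozenset(sub) in level for sub in combinations(c, k - 1))}
        level = {c: s for c in cands if (s := support(c)) >= min_support}
    return frequent

def rules(frequent, min_conf):
    """Rules antecedent -> item, confidence = sup(itemset) / sup(antecedent)."""
    out = []
    for itemset, sup in frequent.items():
        for item in itemset if len(itemset) > 1 else ():
            ante = itemset - {item}
            conf = sup / frequent[ante]
            if conf >= min_conf:
                out.append((ante, item, conf))
    return out

if __name__ == "__main__":
    freq = apriori(make_packets(), min_support=0.5)
    for ante, item, conf in rules(freq, min_conf=0.9):
        print(sorted(ante), "->", item, f"{conf:.2f}")
```

In the constructed capture, the itemset of TCP, SYN, one destination and one port covers 60% of packets, and the high-confidence rules tying SYN traffic to that single destination are the kind of correlation an analyst would record as evidence of a flood.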
[Degree-granting institution]: Shandong Normal University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP311.13; TP393.08