Design and Implementation of a Web Application Intrusion Detection System Based on Distributed Data Mining
[Abstract]: With the rapid development of the Internet, network applications built on web technology and a database architecture have gradually become mainstream and are used in every aspect of daily life. Web services are so convenient that people rely on them more and more; many everyday activities, such as shopping and payments, are carried out on web platforms. Because web services are remotely accessible and web service programs contain a large number of vulnerabilities, web attacks emerge endlessly, and web applications have become one of the targets hackers attack most. In recent years, frequent web security incidents have seriously affected both users and enterprises and have slowed the growth of web applications. It is therefore urgent to study web intrusion detection systems with high adaptability. The traditional intrusion detection method first models known attack behavior and builds a rule signature library, which detects known attacks well. However, this method cannot detect unknown attacks, has a high missed-detection rate, and requires frequent updates to the signature library. In this paper, feature vectors are extracted from web server logs and then analyzed with the K-means algorithm to separate normal from abnormal accesses in massive web logs. Applying data mining to intrusion detection not only reduces the heavy workload of manual coding and analysis but also improves the adaptability of the intrusion detection system. The specific work done in this paper is as follows:
1. A method of web log preprocessing and feature extraction is presented.
2. A web application intrusion detection system based on distributed data mining is designed. The system mainly consists of a log collection module, a cluster analysis module and an intrusion detection module. Log files are collected by distributed data collection, and the data is preprocessed according to the requirements of intrusion detection. The K-means algorithm is used for cluster analysis to obtain intrusion detection rules, and the rules are then used to detect new data.
3. The system was tested using the collected web logs. Experimental results show that the system can detect XSS, SQL injection and CSRF attacks.
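The pipeline the abstract describes (log preprocessing, feature extraction, K-means clustering, then applying the resulting clusters to new requests), as an added example that is not code from the thesis. The log lines are constructed, and the two features, the choice of two clusters and the "larger cluster is normal" rule are assumptions, since the abstract does not specify them.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Common Log Format (not data from the thesis).
TRAIN_LOG = """\
10.0.0.5 - - [01/Mar/2016:10:00:01 +0800] "GET /search?q=shoes HTTP/1.1" 200 512
10.0.0.6 - - [01/Mar/2016:10:00:02 +0800] "GET /item?id=42 HTTP/1.1" 200 734
10.0.0.7 - - [01/Mar/2016:10:00:03 +0800] "GET /search?q=red+hat HTTP/1.1" 200 498
10.0.0.8 - - [01/Mar/2016:10:00:04 +0800] "GET /item?id=7&lang=en HTTP/1.1" 200 701
10.0.0.9 - - [01/Mar/2016:10:00:05 +0800] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 530
10.0.0.9 - - [01/Mar/2016:10:00:06 +0800] "GET /item?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 500 0
"""
REQUEST = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')

def features(line):
    """Assumed features: (non-alphanumerics in decoded query, percent-escapes in raw query)."""
    m = REQUEST.search(line)
    if not m:
        return None  # malformed line: dropped during preprocessing
    raw = urlsplit(m.group(1)).query
    specials = sum(not c.isalnum() for c in unquote(raw))
    return (float(specials), float(len(re.findall(r"%[0-9A-Fa-f]{2}", raw))))

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans2(points, rounds=20):
    """Two-cluster K-means with deterministic farthest-point initialisation."""
    cents = [points[0], max(points, key=lambda p: dist2(p, points[0]))]
    for _ in range(rounds):
        groups = [[], []]
        for p in points:
            groups[int(dist2(p, cents[1]) < dist2(p, cents[0]))].append(p)
        new = [tuple(sum(v) / len(g) for v in zip(*g)) if g else c for g, c in zip(groups, cents)]
        if new == cents:
            break
        cents = new
    return cents, groups

def train(log_text):
    pts = [f for f in map(features, log_text.splitlines()) if f]
    cents, groups = kmeans2(pts)
    # Assumption: the larger cluster is normal traffic, the smaller is abnormal.
    normal = 0 if len(groups[0]) >= len(groups[1]) else 1
    return cents, normal  # the centroids act as the learned detection "rules"

def is_abnormal(line, cents, normal):
    f = features(line)
    return f is not None and dist2(f, cents[1 - normal]) < dist2(f, cents[normal])
```

The cluster-size rule only holds while attack requests are a minority of the training log; a log dominated by scanner traffic would invert the labels.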
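[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification number]: TP311.13; TP393.08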