
Design and Implementation of an AAA Service Status Monitoring System Based on Log Analysis

Published: 2018-05-11 09:24

  Topic of this thesis: AAA system + log data; Reference: National University of Defense Technology, 2014 master's thesis


[Abstract]: As telecom operators offer more types of network service (2G/3G/4G, WiFi, fixed broadband, etc.) and the number of subscribers grows rapidly, the performance and functional demands on AAA systems rise accordingly. As a result, the variety and scale of the devices that make up an AAA system keep increasing, and system failures caused by device hardware and software faults, malicious attacks and similar events are increasingly frequent. Because the devices influence and depend on one another, a fault in a single device triggers fault logs of many types on many devices. Combined with log formats that differ from one device to the next, this makes it increasingly difficult to locate the fault source or attack source and to confirm the scope of a fault's impact by analyzing log data. To address these problems, this thesis completes the following four pieces of work:

1. It proposes an automatic log collection and template extraction mechanism, ALCTE (Auto Log Collection and Template Extraction). ALCTE first uses Flume to collect logs from all kinds of devices automatically and convert them to a unified format. It then divides the words in the log text into template words and data words according to their frequency of occurrence, so that each log record is decomposed into a log template and a data vector. This automatically normalizes the format of different types of log data, which solves the problem of inconsistent and hard-to-analyze log formats caused by differences in device type, software version, network layer and so on.
2. It designs a method for clustering formatted log data around fault events, CoLDFFE (Cluster of Log Data Facing Fault Event). The method operates on formatted log data already processed by ALCTE. Using log matrix decomposition and other techniques, it analyzes the relationship between each kind of fault event (such as a database outage) and the log data, obtains the set of log templates and data vectors related to a given event, and finally determines the fault type, the devices involved and the scope of impact.
3. It proposes a TF-IDF-based attack source detection mechanism, ASDBT (Attack Source Detection Based on TF-IDF). Building on a statistical analysis of nearly one year of AAA authentication logs from a telecom company, the mechanism re-sets the parameters of the TF-IDF algorithm and computes the degree of association between each candidate data source and the set of attack data sources (confirmed attack sources). It finds and confirms other attack sources by comparing the computed degree of association with a computed association threshold. This effectively makes up for the shortcomings of existing detection mechanisms in effectiveness and efficiency, and finds and confirms other attack sources efficiently and comprehensively.
4. Using nearly one year of log data from the various devices of a real AAA system, obtained from a telecom operator, and combining the ALCTE mechanism, the CoLDFFE method and the ASDBT mechanism, it designs and implements a prototype AAA service status monitoring system. Simulation experiments on several different fault scenarios, including physical link interruption, database service outage and illegal login attacks, verify the effectiveness of the above methods and mechanisms.
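As an added illustration (not code from the thesis), the sketch below shows the kind of frequency-based split the abstract attributes to ALCTE: words that recur across records become template words, the rest become the data vector. The fixed count threshold, the `<*>` placeholder, the function names and the constructed sample lines are all assumptions; the abstract does not give the thesis's actual parameters.

```python
from collections import Counter, defaultdict

# Constructed AAA-style log lines (illustrative; not data from the thesis).
SAMPLE_LOGS = [
    "Access-Reject user alice from 10.0.0.5 reason bad-password",
    "Access-Reject user bob from 10.0.0.9 reason bad-password",
    "Access-Reject user erin from 10.0.0.5 reason bad-password",
    "Access-Accept user carol from 10.0.1.7 session 8841",
    "Access-Accept user dave from 10.0.1.8 session 8842",
    "Access-Accept user frank from 10.0.1.9 session 8843",
    "DB connection lost host db01 retry 3",
    "DB connection lost host db02 retry 1",
    "DB connection lost host db01 retry 2",
]

def template_words(logs, min_count=3):
    """Words seen in at least min_count records are treated as template words.
    min_count is an assumed, hand-picked threshold."""
    freq = Counter()
    for line in logs:
        freq.update(set(line.split()))  # count each word once per record
    return {w for w, n in freq.items() if n >= min_count}

def decompose(line, tmpl_words):
    """Split one record into (template string, data vector)."""
    template, data = [], []
    for word in line.split():
        if word in tmpl_words:
            template.append(word)
        else:
            template.append("<*>")  # placeholder marks a data-word slot
            data.append(word)
    return " ".join(template), data

def normalize(logs, min_count=3):
    """Group the data vectors of all records under their shared template."""
    tmpl_words = template_words(logs, min_count)
    groups = defaultdict(list)
    for line in logs:
        template, data = decompose(line, tmpl_words)
        groups[template].append(data)
    return dict(groups)

if __name__ == "__main__":
    for template, vectors in normalize(SAMPLE_LOGS).items():
        print(template, vectors)
```

A value that recurs often enough, such as the source address `10.0.0.5` here when the threshold is lowered to 2, crosses the threshold and is absorbed into the template, so the threshold has to be tuned per corpus.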
[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN915.06


Article ID: 1873379


Article link: http://sikaile.net/kejilunwen/wltx/1873379.html

