电信运营人员行为分析的研究与设计

发布时间：2018-05-20 11:20

本文选题：用户行为 + 日志采集　；参考：《东南大学》2017年硕士论文

【摘要】：随着科技的发展,计算机已经深入到我们工作、学习和生活中。网络给我们带来便利的同时,也产生了各式各样的安全问题。为了加强员工在工作中的行为规范,保证公司的核心资料不被泄漏,现从安全的角度考虑,以Hadoop技术作为数据存储和处理的技术框架,对用户日志进行采集和行为审计,从而分析用户行为是否存在安全隐患,及时作出响应。审计的用户行为主要包括:登录行为、帐号管理、密码修改、权限管理、系统操作行为、网络应用程序、文件传送、邮件和文件传输协议。论文从四个方面对用户的行为进行分析和研究:1)审计规则生成模型设计:规则分为规则头和规则选项,并定义了各自的语法。采用Apriori算法挖掘出强关联规则和管理员定义两种方式完善规则库。针对Apriori算法存在的缺点,采用在生成频繁项集的无用的交易记录添加标记的方法进行优化,提高关联规则挖掘效率。2)日志的采集:本文实现多点分布式数据的采集,将主机数据源和网络数据源有机的结合起来。使用Flume和Kafka开源软件。Flume可定制各类数据发送方,用于收集数据。Kafka实现对数据的缓存,利用主题和分区实现数据的分类和负载均衡。3)设计实现审计系统:基于优化的Apriori算法,挖掘出用户的强关联规则,生成规则库。对采集的基于日志的用户行为,采用特征匹配、频率分析、关联分析和关键字分析等方法进行行为审计,对存在异常的行为通过邮件的方式将审计结果发送给安全管理员,管理员根据审计结果的反馈,及时作出决策支持。4)对优化的算法和审计系统进行实验测试:通过改变支持度和日志审计量两种方式对算法审计的效率进行测试,并通过预置异常测试审计的准确率,并对审计出的结果进行了有效的分析,得出了改进的算法的可行性和系统的稳定性。
[Abstract]:With the development of science and technology, computers have penetrated into our work, study and life. The network brings us convenience, at the same time, has also produced various kinds of security problems. In order to strengthen the behavior of employees in the work and ensure that the core information of the company is not leaked, we take Hadoop technology as the technical framework of data storage and processing to collect and audit the user logs from a security point of view. Therefore, the user behavior is analyzed whether there is a security hazard, timely response. The audit user behavior mainly includes: login behavior, account management, password modification, privilege management, system operation behavior, network application, file transfer, mail and file transfer protocol. This paper analyzes and studies the behavior of the user from four aspects: the design of the rule generation model: the rules are divided into rule header and rule options, and their syntax is defined. Apriori algorithm is used to mine strong association rules and administrator definition to improve the rules base. Aiming at the shortcomings of Apriori algorithm, the method of adding tags to useless transaction records that generate frequent itemsets is adopted to improve the efficiency of mining association rules. Will host data source and network data source organic combination. Using Flume and Kafka open source software. Flume can customize all kinds of data senders to collect data. Kafka is used to cache data. The audit system is designed and implemented by using topic and partition to realize data classification and load balancing. 3): based on optimized Apriori algorithm, audit system is designed and implemented. The strong association rules of users are mined and the rule base is generated. To collect the user behavior based on log, we use the methods of feature matching, frequency analysis, association analysis and keyword analysis to audit the behavior, and send the audit results to the security administrator by email. According to the feedback from the audit results, the administrator makes timely decision support. 4) the optimized algorithm and the audit system are tested experimentally: the efficiency of the algorithm audit is tested by changing the support degree and the log audit quantity. Through the accuracy of preset abnormal test audit and the analysis of the audit results, the feasibility of the improved algorithm and the stability of the system are obtained.
【学位授予单位】：东南大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：F626;TP311.13;TP309

【参考文献】