Design and Implementation of a Web Application Intrusion Detection System Based on Distributed Data Mining
Published: 2018-12-25 18:36
[Abstract]: With the rapid development of the Internet, network applications built on web technology and database architectures have become mainstream and are widely used in every aspect of daily life. Web services are very convenient and people depend on them more and more; shopping, payments, other purchases and many other everyday activities take place on web platforms. Because web services are remotely accessible and web service programs contain a large number of vulnerabilities, new web attack techniques keep emerging, and web applications have become one of the targets most often attacked by hackers. The web security incidents that have occurred frequently in recent years have had a great impact on both users and enterprises and have weakened the development trend of web applications. Research on a highly adaptable web intrusion detection system is therefore urgent. Traditional intrusion detection methods first model known attack behavior to build a rule signature library, which detects known attacks fairly well. However, this kind of web intrusion detection has a high miss rate, cannot detect unknown attacks, and requires the signature library to be updated frequently. This thesis extracts feature vectors from web server logs and then clusters those feature vectors with the K-means algorithm, mining normal and abnormal accesses out of massive web logs. Applying data mining to intrusion detection in this way not only reduces the heavy workload of manual coding and analysis but also improves the adaptability of the intrusion detection system. The specific work of this thesis is as follows: 1. A method for web log preprocessing and feature extraction is proposed. 2. A web application intrusion detection system based on distributed data mining is designed. The system consists mainly of a log collection module, a cluster analysis module and an intrusion detection module. Log files are collected in a distributed manner, and the data is preprocessed according to the needs of intrusion detection. The K-means algorithm is used for cluster analysis to obtain intrusion detection rules, and these rules are then applied to new data for intrusion detection. 3. The system was tested using collected web logs. Experimental results show that the system has good detection capability for XSS, SQL injection and CSRF attacks.
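[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP311.13; TP393.08
Article ID: 2391488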
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2391488.html