Design and Implementation of a Web Application Intrusion Detection System Based on Distributed Data Mining
[Abstract]: With the rapid development of the Internet, network applications based on web technology and database architectures have gradually become mainstream and are widely used in all aspects of our lives. Web services are very convenient and people rely on them more and more; many daily activities, such as shopping, payments and other expenses, are carried out on web platforms. Because web services are accessed remotely and the various web service programs contain a large number of vulnerabilities, web attacks emerge endlessly, and web applications have become one of the targets most often attacked by hackers. In recent years, frequent web security incidents have had a great impact on both users and enterprises and have weakened the development trend of web applications. It is therefore urgent to study web intrusion detection systems with high adaptability. The traditional intrusion detection method first models known attack behavior and builds a rule signature library, which detects known attacks well. However, this method cannot detect unknown attacks, has a high missed-detection rate, and needs frequent updates to the signature library. In this paper, feature vectors are extracted from web server logs and then analyzed with the K-means algorithm to separate normal and abnormal access in massive web logs. Applying data mining to intrusion detection not only reduces the heavy work of manual coding and analysis but also improves the adaptability of the intrusion detection system. The specific work done in this paper is as follows:
1. A method of web log preprocessing and feature extraction is presented.
2. A web application intrusion detection system based on distributed data mining is designed. The system mainly includes a log collection module, a cluster analysis module and an intrusion detection module. Log files are collected by distributed data collection, and the data is preprocessed according to the requirements of intrusion detection. The K-means algorithm is used for cluster analysis to obtain intrusion detection rules, and the rules are used to detect new data.
3. The system was tested using the collected web logs. Experimental results show that the system can detect XSS, SQL injection and CSRF attacks.
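A minimal sketch of the log-to-feature-vector-to-K-means pipeline the abstract describes, added here as an illustration and not taken from the thesis. The two features (decoded URL length, count of unusual characters), the choice k=2, the rule that the smaller cluster is the abnormal one, and the sample log lines are all assumptions made for this example.

```python
import re
from urllib.parse import unquote
# Constructed sample access-log lines (not data from the thesis).
SAMPLE_LOG = '''\
10.0.0.5 - - [01/Mar/2016:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 1043
10.0.0.6 - - [01/Mar/2016:10:00:05 +0800] "GET /products?id=12 HTTP/1.1" 200 2210
10.0.0.7 - - [01/Mar/2016:10:00:09 +0800] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 870
10.0.0.6 - - [01/Mar/2016:10:00:11 +0800] "GET /products?id=7&page=2 HTTP/1.1" 200 2198
10.0.0.8 - - [01/Mar/2016:10:00:12 +0800] "GET /login HTTP/1.1" 200 640
10.0.0.9 - - [01/Mar/2016:10:00:15 +0800] "GET /item?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 200 3301
10.0.0.5 - - [01/Mar/2016:10:00:20 +0800] "GET /search?q=shoes HTTP/1.1" 200 1310
'''
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def extract_features(url):
    """Assumed features: decoded URL length and count of unusual characters."""
    decoded = unquote(url)
    unusual = sum(1 for ch in decoded if not ch.isalnum() and ch not in "/._-?&=")
    return [len(decoded), unusual]

def normalize(rows):
    """Min-max scale each column so no single feature dominates the distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)] for r in rows]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans2(points, max_iter=50):
    """K-means with k=2 and deterministic farthest-point initialisation."""
    centers = [points[0], max(points, key=lambda p: dist2(p, points[0]))]
    labels = []
    for _ in range(max_iter):
        new = [min((0, 1), key=lambda k: dist2(p, centers[k])) for p in points]
        if new == labels:  # assignments stable: converged
            break
        labels = new
        for k in (0, 1):  # recompute each centre; keep the old one if a cluster is empty
            members = [p for p, l in zip(points, labels) if l == k]
            centers[k] = [sum(c) / len(members) for c in zip(*members)] or centers[k]
    return labels

def flag_anomalies(log_text):
    """Return URLs in the smaller cluster (assumes attacks are the minority)."""
    urls = [m.group(1) for m in map(REQUEST_RE.search, log_text.splitlines()) if m]
    labels = kmeans2(normalize([extract_features(u) for u in urls]))
    rare = min((0, 1), key=labels.count)
    return [u for u, l in zip(urls, labels) if l == rare]
```

The minority-cluster rule fails when attack traffic dominates the window being clustered, so a deployment would normally fit the clusters on a baseline period and score new requests against those centres.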
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2016
[Classification number]: TP311.13; TP393.08
Article number: 2391488
Article link: http://www.sikaile.net/kejilunwen/ruanjiangongchenglunwen/2391488.html