
Research On Site Invasion Evidence Based On Log Analysis

Posted on: 2016-05-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y Chen
GTID: 2208330470450255
Subject: Computer application technology

Abstract/Summary:
The rapid development and popularization of computer network technology has brought convenience to people's lives, but computer crime has also shown a rising trend year by year. More than 90% of sites in China have a security vulnerability, and many sites have been hacked, causing serious harm to website information security in China. The study of web intrusion forensics is therefore very necessary. Website intrusion forensic technology makes it possible to determine whether an illegal intrusion has taken place and to collect evidence of the attack, so that illegal website intrusion can be combated effectively.

At present there are many forensics models for the analysis of website intrusions and logs, but these models generally have the faults of paying too much attention to details and lacking universality; they focus on either the legal or the technical side without combining the two well; and they concentrate on static forensic analysis without considering change over time. As a result, the computer forensics models are neither practical nor widely applicable. Forensics products and tools developed from such models have difficulty meeting the actual demand of computer forensics, namely collecting evidence in accordance with the standard of evidence.

In view of this, the research contents are as follows:

(1) A weighted fuzzy kernel clustering algorithm is proposed. The density function method is applied to weighted intuitionistic fuzzy sets to obtain the initial cluster centers, and on this basis an improved weighted intuitionistic fuzzy kernel clustering algorithm is put forward. The method not only reduces the dependence on the initial cluster centers, but also reduces the number of iterations, accelerates convergence, and effectively improves the clustering effect.

(2) A dynamic forensics model of website intrusion based on log analysis is built. The architecture of the website intrusion forensics model is described in detail, and the characteristics of website intrusion and log data analysis technology are used to build the model. During log data acquisition and analysis, the improved weighted intuitionistic fuzzy kernel clustering algorithm is applied to optimize the log analysis process, so that evidence collection is completed with minimum cost and higher efficiency.

(3) A website intrusion forensics system is implemented. Starting from the functional requirements and customer needs, the thesis builds on the log-analysis-based dynamic forensics model of web intrusion and describes the overall structure, each function module, and the main workflow, focusing on the collection, clustering, analysis and presentation of log files for web intrusion forensics. The implemented web intrusion forensics system achieved the expected requirements.
Keywords/Search Tags: Computer forensics, The kernel clustering algorithm, Log analysis, Forensic Model, Fuzzy clustering