| With the rapid development of Internet, statistics of hackers’ malicious attacks present a rapidly rising trend. And it’s a great threat to both social and economic interests of Web users. A large number of web attacks such as SQL Injection and Cross-site Scripting attack, leave traces in the web access log. The traditional security analysis of web logs is confined to find out the attack records, but the deep association of the attacks is ignored. While web log mining is mainly aimed to find users’ access patterns, and it’s rarely focus on the security events in web logs.A malicious user usually attacks a website step by step, while the common attack processes of the users imply significant security information of the website. In this paper, a solution of mining the sequential patterns of attacks based on web log mining is proposed, and a security analysis system of web logs is designed and implemented. Based on the research of web attacks, the attack types which can be located in the web access log are figured out, as well as the fields in web logs which can be used to analyze the attacks. Rule matching and statistical analysis are used to capture these security events. After the database of attack sequences is built, an algorithm called PrefixSpan is used to find out the sequential patterns of attacks.The sequential patterns of attacks show the common attack steps of most attackers to the website, and implicate that the corresponding security vulnerabilities were found and used by the attackers. The experiment result shows that security vulnerabilities of the website are located effectively by analyzing the sequential patterns of attacks, and the targeted security information can be provided for the webmaster. |
PDF Full Text Request