
Design And Implementation Of Log Analysis System Based On Improved Markov

Posted on: 2020-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: T X Song
GTID: 2438330575959499
Subject: Engineering
Abstract/Summary:
Intrusion detection is an important part of network security. As society and technology advance, more and more people enjoy the convenience of the online world, but network security problems of all kinds also bring a great deal of unnecessary trouble. Anomaly detection is a common method of intrusion detection. The logs studied in this paper contain a large amount of useful information and are valuable for analyzing user behavior, and monitoring abnormal behavior is an important step in maintaining network security.

This system grew out of the construction of our laboratory's user behavior forensics system: after collecting user behavior, that system lacked a unified module for analyzing user behavior logs. While addressing this need, I found that the same requirement is not limited to small-scale user behavior analysis in the laboratory, so the system was developed for statistical analysis of general serialized data and can be applied to the Internet, universities, companies, enterprises and other settings. A log is a file that records the flow of user actions and can be used to validate designs, discover problems, and mine user requirements. This paper mainly does the following work:

(1) An improved Markov method is proposed for user behavior analysis. First, the user behavior acquisition system collects the raw user behavior information. The improved Markov method is then used to preprocess the raw user behavior data, producing data sets of transition matrices and initial and final state probability matrices. Next, an unsupervised learning method that fuses multiple clusterings assigns labels to the data sets, which are then used to train an SVM classifier. Finally, abnormal behavior is identified and malicious users are determined through testing.

(2) A log acquisition and analysis system is designed and implemented. The system is mainly composed of a data acquisition module and a data analysis module. First, user traces, online records, recently accessed items and network packet log information are collected through the acquisition system and stored in the database to obtain the initial data set. The analysis system then uses the improved Markov method to process and analyze the behavior log data. The main functions of the data acquisition module include multi-identity user login, data acquisition and data acquisition management. The data analysis module includes tasks such as malicious user monitoring and abnormal user behavior detection.
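The preprocessing step in (1), as an added example that is not code from the thesis: per-user sessions are turned into initial, transition and final state probabilities and flattened into one feature row for the later clustering and SVM stages. It uses a plain first-order Markov chain because the abstract does not say what the improvement is; the action names, sample sessions and smoothing parameter `alpha` are assumptions.

```python
from collections import Counter

# Constructed sample: ordered action sessions per user (not data from the thesis).
SAMPLE_LOGS = {
    "alice": [["login", "browse", "download", "logout"],
              ["login", "browse", "browse", "logout"]],
    "mallory": [["login", "download", "download", "download", "logout"],
                ["download", "download", "logout"]],
}

def build_states(logs):
    """Sorted list of every action seen, so all users share one state index."""
    return sorted({a for sessions in logs.values() for s in sessions for a in s})

def normalise(counts, states, alpha):
    """Counts -> probabilities with Laplace smoothing (alpha is an assumption)."""
    total = sum(counts[s] for s in states) + alpha * len(states)
    return [(counts[s] + alpha) / total for s in states]

def markov_features(sessions, states, alpha=1.0):
    """Return (initial, transition, final) probabilities for one user."""
    sessions = [s for s in sessions if s]  # ignore empty sessions
    first = Counter(s[0] for s in sessions)
    last = Counter(s[-1] for s in sessions)
    pairs = Counter(p for s in sessions for p in zip(s, s[1:]))
    transition = [
        normalise(Counter({b: pairs[(a, b)] for b in states}), states, alpha)
        for a in states
    ]
    return normalise(first, states, alpha), transition, normalise(last, states, alpha)

def feature_vector(sessions, states, alpha=1.0):
    """Flatten to one fixed-length row: initial | transition rows | final."""
    initial, transition, final = markov_features(sessions, states, alpha)
    return initial + [p for row in transition for p in row] + final

def transition_prob(vec, states, a, b):
    """Read P(a -> b) back out of a flattened feature vector."""
    n = len(states)
    return vec[n + states.index(a) * n + states.index(b)]

if __name__ == "__main__":
    states = build_states(SAMPLE_LOGS)
    for user, sessions in SAMPLE_LOGS.items():
        vec = feature_vector(sessions, states)
        p = transition_prob(vec, states, "download", "download")
        print(f"{user}: {len(vec)} features, P(download->download)={p:.3f}")
```

Smoothing keeps every row a valid distribution even for states a user never left, so all users produce vectors of the same length and scale.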
Keywords/Search Tags:Log analysis, Markov, Cluster analysis, User behavior log