| With the rapid development of network technology, the number of Internet users and Web-based applications has grown explosively. Owing to the popularity and convenience of the Internet, the network plays an important role throughout people's lives, from purchases and financial transactions to entertainment. On the other hand, because attack techniques keep developing and self-protection systems are lacking, network security incidents have erupted endlessly in recent years. If visitors' browsing information is analyzed effectively, the frequent occurrence of such events can be prevented. It is therefore of great significance to efficiently discover suspicious website attacks in a large number of Web logs. Anomaly detection, as a kind of network intrusion detection, is one of the effective methods of preventing network attacks. However, given the increasing diversity of intrusion methods, anomaly detection methods based on intelligent technologies have become a research hotspot in academia and industry. Compared with traditional detection methods, their indicators and performance in all aspects need further study in order to achieve better detection results. To solve the above problems, this paper proposes a new session-based log anomaly detection prototype system and a new method of anomaly detection and analysis, based on in-depth research on Web logs. The main work of this paper is as follows: (1) A session-based log anomaly detection prototype system is designed using a distributed software architecture. The system collects and analyzes server log data from a big data platform and applies the proposed anomaly detection algorithm to achieve effective log anomaly detection. The modules of the system cooperate with and support one another. It provides a reference framework for the industry. (2) In the log preprocessing section, a session identification algorithm that combines both the site page factor and the user access time average factor is proposed. This improved algorithm increases both the precision and the recall of session identification, providing meaningful support for the subsequent detection modeling. (3) An anomaly detection model based on naive Bayes is constructed. Combined with an improved particle swarm optimization algorithm, a weighted naive Bayes anomaly detection algorithm is further proposed. The experiments show that the model enhances the system's attack detection ability to a certain extent and that the algorithm improves on all performance indicators compared with other classification algorithms. |