Method for mining attack frequent sequence mode from Web log

A frequent sequence and sequential pattern mining technology, applied in the field of Web security

Active Publication Date: 2016-06-29
HUNAN UNIV

AI Technical Summary

Problems solved by technology

Existing log analysis tools only compute simple statistics on the logs, such as counting page views and visits, rather than performing in-depth data analysis of the logs.


Embodiment Construction

[0044] The hardware environment of the present invention is mainly a PC host with an Intel(R) Core(TM) i5-4570 CPU at 3.20GHz, 4GB of RAM, and a 64-bit operating system.

[0045] The software implementation of the present invention runs on Windows 7 and is developed in Java in the Eclipse environment. Graphical display is done with the Graphviz tool. The Java version is 1.8.0_40, the Eclipse version is 4.4.2, and the Graphviz version is 2.37.

[0046] The experimental data is the Nginx server access log. Its format is: visitor IP, authorized user, time, HTTP request, status code, size of transmitted data, upper-level path (the referer), and user agent. A specific example is shown in Figure 4.

[0047] The operation is divided into two main parts: the first is log data preprocessing, and the second is data mining and graphical display.

[0048] 1. Preprocessing part

[0049] (...


Abstract

The invention relates to data mining in the field of network security, and in particular to a method for mining frequent attack sequence patterns from a Web log. The method comprises the following steps: collecting website access log files, website information and attack feature codes; parsing the website log structure, matching the parsed URLs against the collected attack feature codes to obtain attack records, and cleaning up the URLs; performing user identification on the attack log data and distinguishing manual attacks from vulnerability scanner attacks; performing session identification on each to obtain a sequence database of manual attacks and a sequence database of vulnerability scanner attacks; converting the string database into a numeric database and mining the frequent sequences of each sequence database with a sequential pattern mining method; and reducing the mined frequent sequences to maximal ones and converting the sequence patterns into a visual graph language. The process is shown in Figure 1. The method provided by the invention makes attack patterns visible and reveals the scanning sequence used by a vulnerability scanner.
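An added example (not the patent's Java implementation) of the pipeline in the abstract, run on Nginx-style log lines: signature matching, user and session identification, then maximal frequent sequences. The signature list, the (IP, user agent) user key, the 30-minute session gap and the contiguous-run support counting that stands in for the unnamed sequential pattern miner are all assumptions; the manual/scanner split is not implemented.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Assumed attack feature codes; the patent's collected list is not on this page.
SIGNATURES = [("sqli", re.compile(r"'|\bunion\b.*\bselect\b", re.I)),
              ("xss", re.compile(r"<script|onerror\s*=", re.I)),
              ("traversal", re.compile(r"\.\./|/etc/passwd", re.I))]
# Constructed sample log (documentation IP ranges), not data from the patent.
SAMPLE = """\
203.0.113.5 - - [10/Mar/2015:10:00:01 +0800] "GET /item.php?id=1%27%20or%201=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:10:00:20 +0800] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:10:00:40 +0800] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:10:01:10 +0800] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 90 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:11:30:00 +0800] "GET /item.php?id=2%27 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:11:30:30 +0800] "GET /view?page=..%2Fconfig HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:10:05:00 +0800] "GET /item.php?id=9%27 HTTP/1.1" 500 0 "-" "curl/7.40"
198.51.100.7 - - [10/Mar/2015:10:05:30 +0800] "GET /download?file=..%2Fetc%2Fpasswd HTTP/1.1" 404 0 "-" "curl/7.40"
198.51.100.7 - - [10/Mar/2015:10:06:00 +0800] "GET /search?q=%3Cscript%3E HTTP/1.1" 200 90 "-" "curl/7.40"
""".splitlines()

def attack_records(lines):  # parse, URL-decode, keep only signature hits
    for m in filter(None, map(LINE_RE.match, lines)):
        ip, ts, url, agent = m.groups()
        hit = next((n for n, rx in SIGNATURES if rx.search(unquote_plus(url))), None)
        if hit:
            yield (ip, agent), datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), hit

def sessions(records, gap=timedelta(minutes=30)):  # user = (IP, user agent)
    by_user = defaultdict(list)  # user -> list of sessions, each a list of (time, label)
    for user, when, label in sorted(records):
        events = by_user[user]
        if not events or when - events[-1][-1][0] > gap:
            events.append([])  # silence longer than `gap` opens a new session
        events[-1].append((when, label))
    return [[label for _, label in s] for ss in by_user.values() for s in ss]

def maximal_frequent(seqs, min_support=2):  # support = number of sessions containing the run
    support = defaultdict(int)
    for seq in seqs:
        for g in {tuple(seq[i:j]) for i in range(len(seq)) for j in range(i + 1, len(seq) + 1)}:
            support[g] += 1
    freq = {g: s for g, s in support.items() if s >= min_support}
    def inside(a, b):  # a is a strictly shorter contiguous run of b
        return len(a) < len(b) and any(b[i:i + len(a)] == a for i in range(len(b)))
    return {g: s for g, s in freq.items() if not any(inside(g, h) for h in freq)}
```

Calling `maximal_frequent(sessions(attack_records(SAMPLE)))` yields the single maximal pattern sqli, traversal, xss with support 2; raising `min_support` to 3 leaves only sqli, traversal.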

Description

Technical field

[0001] The invention relates to data mining in the field of Web security, in particular to the mining of attack behaviors.

[0002] Specifically, it involves a method of discovering the attack sequence patterns of network attackers by mining Web logs.

Background technique

[0003] As one of the most important applications on the Internet, the Web provides a convenient mechanism for publishing and obtaining documents, and has gradually become a gathering place for all kinds of information resources. The richness and diversity of this information attracts hackers, resulting in more and more frequent attacks on Web applications, especially attacks on Web servers. Such attacks are not only varied but also highly damaging: they sometimes lead to the leakage of company user information, and can even paralyze the server. Common web application vulnerabilities include SQL injection, cross-site scripting attacks, directory traversal, file i...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F17/30
CPC: G06F16/955, H04L63/1416, H04L63/1425, H04L63/1433, H04L67/02
Inventor: 孙建华, 孙慧
Owner: HUNAN UNIV