
Correlation analysis method based on WEB logs

A correlation analysis and WEB server technology, applied in the field of correlation analysis based on WEB logs. It addresses the problems of system attacks, failure to analyze the correlation between logs, and analyzing each log for anomalies in isolation, and achieves the effects of protecting data assets and wide applicability.

Active Publication Date: 2020-01-17
SICHUAN CHANGHONG ELECTRIC CO LTD

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a correlation analysis method based on WEB logs. It addresses a problem in the prior art: each log is analyzed independently for anomalies, but the correlation between logs is not analyzed, so multiple requests that jointly attack the system cannot be identified.



Examples


Embodiment 1

[0037] As shown in Figure 1, a correlation analysis method based on WEB logs includes the following steps:

[0038] 1) Log data collection

[0039] As shown in Figure 2, use nginx + Lua to collect log data in a unified format. OpenResty, a high-performance web platform based on Nginx and Lua, can also be used directly. The data to be collected includes the following fields:

[0040] Session ID: sessionId

[0041] Access interface path: urlPath

[0042] Interface access method: method

[0043] User IP: clientIp

[0044] Access time: timestamp

[0045] 2) Log data preprocessing

[0046] Convert the log information collected above into standard JSON format, with the time format unified as yyyy-MM-dd HH:mm:ss.

[0047] For example:

[0048]

[0049]

[0050] Use sessionId as the grouping condition to divide the logs into different groups, that is, the data in each group is the data in the same web access session ...


Abstract

The invention discloses a correlation analysis method based on WEB logs, which comprises the following steps: standardizing log data; obtaining the event behavior chain in a log; counting the probability of the interface-call succession ("undertaking") relationship to obtain the access characteristic attributes of the group; and calculating the similarity match between the user's event behavior chain and the group's to obtain a total abnormal behavior score. Through association analysis of key logs and similarity matching between the user's actual interface access behavior chain and the group's behavior chain, the method can recognize abnormal behaviors specifically and accurately and notify a system administrator in time. The analyzed data is web access logs, which are highly concurrent and interleaved, so a direct timeline sequence relationship is abandoned: classification is determined by field identifiers in the log data, and abnormal relationships are distinguished by comparing individuals with groups, which gives the method wider applicability.
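The steps outlined in the description and abstract (JSON normalization, grouping by sessionId, group transition probabilities, individual-versus-group score), as an added Python example that is not taken from the patent. The sample sessions, the UTC time zone, the `floor` value and the mean-surprisal score are assumptions, since the page does not give the scoring formula.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone
from math import log

# Constructed sample traffic: sessionId -> (clientIp, ordered interface calls).
FLOWS = {
    "s1": ("10.0.0.1", ["POST /login", "GET /cart", "POST /order", "POST /pay"]),
    "s2": ("10.0.0.2", ["POST /login", "GET /cart", "GET /cart", "POST /order", "POST /pay"]),
    "s3": ("10.0.0.3", ["POST /login", "GET /cart", "POST /order", "POST /pay"]),
    "s4": ("10.0.0.9", ["POST /login", "POST /pay", "POST /pay"]),
}

def sample_logs(t0=1577872800):
    recs = [dict(sessionId=s, urlPath=c.split()[1], method=c.split()[0], clientIp=ip,
                 timestamp=t0 + 5 * i)
            for s, (ip, calls) in FLOWS.items() for i, c in enumerate(calls)]
    return sorted(recs, key=lambda r: r["timestamp"])  # sessions interleaved, as under load

def normalize(rec):
    """Preprocessing: one JSON object per record, time as yyyy-MM-dd HH:mm:ss (UTC assumed)."""
    t = datetime.fromtimestamp(rec["timestamp"], tz=timezone.utc)
    return json.dumps({**rec, "timestamp": t.strftime("%Y-%m-%d %H:%M:%S")})

def behavior_chains(json_lines):
    """Group by sessionId, then order each group by time to get its call chain."""
    groups = defaultdict(list)
    for d in map(json.loads, json_lines):
        groups[d["sessionId"]].append((d["timestamp"], d["method"] + " " + d["urlPath"]))
    return {s: [c for _, c in sorted(e, key=lambda x: x[0])] for s, e in groups.items()}

def transition_probs(chains):
    """Group profile: P(next call | current call) over adjacent pairs in all chains."""
    counts = defaultdict(Counter)
    for chain in chains:
        for a, b in zip(chain, chain[1:]):
            counts[a][b] += 1
    return {a: {b: n / sum(c.values()) for b, n in c.items()} for a, c in counts.items()}

def anomaly_score(chain, probs, floor=1e-3):
    """Assumed rule (not the patent's): mean surprisal; unseen transitions get `floor`."""
    steps = list(zip(chain, chain[1:]))
    return sum(log(1 / probs.get(a, {}).get(b, floor)) for a, b in steps) / max(len(steps), 1)

def run():
    chains = behavior_chains(normalize(r) for r in sample_logs())
    group = transition_probs(chains[s] for s in ("s1", "s2", "s3"))  # baseline sessions
    return {s: round(anomaly_score(c, group), 3) for s, c in chains.items()}
```

Session s4 jumps from login straight to payment, a transition the baseline group never makes, so its score is far above that of the ordinary sessions even though each of its requests is individually unremarkable.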

Description

Technical field

[0001] The invention relates to the technical field of log security analysis, in particular to a correlation analysis method based on WEB logs.

Background

[0002] With the development of Web technology and the birth of Web 2.0, the advantages of WEB applications in ease of deployment and maintenance have gradually become apparent. Internet applications based on the Web environment are becoming more and more widespread, and enterprises build all kinds of information applications on the Web platform. The rapid development of the Internet has also attracted strong attention from hackers, and Web security threats have followed. Hackers use system vulnerabilities in Web service programs and SQL injection vulnerabilities to obtain control of the Web server, tamper with web page content, in more serious cases steal important internal data, and, more seriously still, implant malicious code in web pages, so that other visitors...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/10, H04L63/1425, H04L63/1466, H04L67/02
Inventor: 代波, 李成东, 常清雪
Owner: SICHUAN CHANGHONG ELECTRIC CO LTD