| 基于蜜罐日志的关联规则挖掘研究 |
| |
| 引用本文: | 金涛,薛质,王轶骏.基于蜜罐日志的关联规则挖掘研究[J].信息安全与通信保密,2011(4):77-79. |
| |
| 作者姓名: | 金涛 薛质 王轶骏 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 基金项目: | 上海市科学技术委员会科研计划项目课题"文字作品互联网传播追踪与定位关键技术研究"资助 |
| |
| 摘 要: | 随着网络攻击数量和种类的不断增加,基于蜜罐(Honeypot)系统的海量攻击日志分析变得更加困难和耗时。仅仅凭借一个事件推断黑客意图和行为是非常困难的。这就要求在蜜罐系统的研究中进行整体性分析,数据挖掘技术就是这样的整体性分析工具。首先阐述了蜜罐系统的原理,然后以开源蜜罐系统Honeyd捕获的真实日志数据为例,使用关联规则挖掘先验(Apriori)算法对日志的特定属性进行分析,找出不同网络连接记录属性之间的关联规则,从中发现并理解攻击者的攻击行为和攻击模式,验证了数据挖掘技术应用于蜜罐日志分析中的可行性。
|
| 关 键 词: | 蜜罐 日志分析 数据挖掘 关联规则 |
Study on Association Rule Learning based on Honeypot Log Analysis |
| |
| JIN Tao,XUE Zhi,WANG Yi-jun.Study on Association Rule Learning based on Honeypot Log Analysis[J].China Information Security,2011(4):77-79. |
| |
| Authors: | JIN Tao XUE Zhi WANG Yi-jun |
| |
| Affiliation: | JIN Tao,XUE Zhi,WANG Yi-jun (School of Information Security Engineering,Shanghai Jiaotong University,Shanghai 200240,China) |
| |
| Abstract: | With the significant increase in amount and type of network attacks,analysis on Honeypot logs with huge volume becomes more difficult and time-consuming,and data mining technology is a tool for analyzing the dataset as whole and for improving the work efficiency. This paper first describes the principle of the Honeypot system. Then the data mining algorithm Apriori is applied to analyzing the attributes of the log data captured by Honeyd-an open source Honeypot solution,and further to identifying data assoc... |
| |
| Keywords: | Honeypot log analysis data mining association rule |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
