
Security Threat Analysis of Web Application Logs in a Hadoop Cloud Computing Environment

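Abstract: With the development of the Internet, people enjoy the convenience it brings but are also plagued by all kinds of attacks, and the importance of network security protection to computer systems of every kind is self-evident. Beyond static defense mechanisms such as firewalls, people have come to recognize how important dynamic defense mechanisms are for security threat analysis once a network has already been intruded. Research on intrusion detection systems arose from this. Traditional web log analysis or intrusion detection systems mostly use rules or models that security experts have extracted through analysis; their accuracy is low, their efficiency is poor, and they scale badly. The advantage of machine learning is that it can discover features and behavior patterns from large amounts of data. Combining the two effectively reduces manual workload and reliance on experience, giving security threat analysis adaptive and self-learning capabilities.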

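This thesis studies intrusion detection systems and their machine learning algorithms, applies a decision tree classification algorithm to an intrusion detection system, and uses the parallel computing available in cloud computing to process potentially massive data, in order to improve the detection performance of the whole system and raise its running efficiency and accuracy. The main work of this thesis is as follows: 1. By studying and analyzing the limitations of traditional intrusion detection techniques and the characteristics of massive data in the information age, it finds that applying machine learning to intrusion detection systems and parallelizing it is very necessary. 2. It analyzes decision tree algorithms in depth, describes the SLIQ algorithm in detail, proposes optimizations for its shortcomings when used in intrusion detection systems, and verifies them experimentally. 3. It ports the SLIQ algorithm used for intrusion detection to the Hadoop platform to improve its running efficiency.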

Thesis keywords: intrusion detection, decision tree, SLIQ, Hadoop, parallelization

Title: Security Threat Analysis of Web Application In Cloud Computing Environment

Abstract

With the development of the Internet, people enjoy the convenience it brings while suffering from a variety of network attacks. The importance of network security to computer systems of all kinds goes without saying. In addition to static defense mechanisms such as firewalls, people have recognized the significance of dynamic defense mechanisms for security threat analysis in a network that has already been compromised. Research on intrusion detection systems emerged as a result. Traditional web log analysis and intrusion detection systems mostly use rules or models extracted by security experts, which have low accuracy, low efficiency and poor scalability. The advantage of machine learning is that it can discover features and behavior patterns in large amounts of data. Combining the two effectively reduces the manual workload and the reliance on experience in building models or rules, so that security threat analysis becomes more adaptive and capable of self-learning.

In this paper, by studying intrusion detection systems and machine learning algorithms, I apply the decision tree classification algorithm to intrusion detection systems. To deal with massive amounts of data, parallel computing in the cloud is used to improve the detection performance, efficiency and accuracy of the whole system. The main work of this paper is as follows. First, by studying and analyzing the limitations of traditional intrusion detection technology and the characteristics of massive data in the information age, I found that it is absolutely essential to apply machine learning techniques to intrusion detection systems and to parallelize them. Second, I analyzed the decision tree algorithm in depth and described the SLIQ algorithm, then proposed optimizations for its shortcomings when applied to IDS and verified them by experiments. Third, the SLIQ algorithm used in the IDS was ported to the Hadoop computing platform to improve its operating efficiency.

(Editor: qin)