An Efficient Web Log Filter Scheme for Web Abnormal Behaviors

H. C. Tseng, Shin-Yun Chang, T. Juang

International Journal of Science and Engineering, vol. 12 (1), pp. 25-31, published 2014-12-01. DOI: 10.6159/IJSE.2014.(4-4).05 (https://doi.org/10.6159/IJSE.2014.(4-4).05). Citations: 0.

Abstract

With the rapid development of technology, network services are becoming more complex and changeable. To protect the security and privacy of these network services, actively checking for and analyzing abnormal behaviors becomes very important. To meet the need for active checking and analysis of abnormal behaviors in routine security checks, we try to find the data of known attacks and anomalous behaviors, and propose a web log filter scheme for web abnormal behaviors which aims at quick anomaly detection while also providing accuracy. The scheme uses the signature rules of PHPIDS for matching, preprocesses network logs to find suspicious logs and form a feature matrix, reduces the dimensionality of the matrix using random projection, uses the Mahalanobis distance to identify outliers, and calculates an anomaly score for the outliers. If a log line is too different, we flag it as an anomaly, until all of the logs are checked. To obtain better results, we use the data of a real-world company to test the scheme and find suitable parameters. In addition, the advantages of the scheme are that it is simple to implement, fast, does not lose too much accuracy, and does not need clean training data.