Computer Science, 2018, Vol. 45, Issue (10): 160-165. doi: 10.11896/j.issn.1002-137X.2018.10.030

• Information Security •

Identification of User’s Role and Discovery Method of Its Malicious Access Behavior in Web Logs

WANG Jian, ZHANG Yang-sen, CHEN Ruo-yu, JIANG Yu-ru, YOU Jian-qing   

  1. Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing 100101, China
  • Received: 2017-09-09 Online: 2018-11-05 Published: 2018-11-05

Abstract: With the rapid development of Internet technology, a variety of malicious access behaviors endanger network information security. Identifying users' roles and discovering malicious access behaviors has theoretical significance and practical value for network security. Based on Web logs, an IP assisted database was constructed to build a daily role model for IP users. On this basis, the sliding time window technique was introduced and the dynamic change of time was integrated into user role identification, establishing a dynamic identification model of the user's role based on a sliding time window. Then, by analyzing the characteristics of users' malicious access traffic, the user access traffic and the characteristics of the user's information entropy were weighted to construct a multi-characteristic identification model of the user's malicious access behavior. The model can identify not only explosive and highly persistent malicious access behaviors, but also malicious access behaviors that are small but widely distributed. Finally, the model was implemented using big data storage and Spark in-memory computing technology. The experimental results show that when network traffic is abnormal, the proposed model can find the users exhibiting malicious access behavior and can identify the user's role accurately and efficiently, thus verifying its validity.

Key words: Data mining, Identification of user’s role, Malicious access behavior, Sliding time window, Web users

CLC Number: 

  • TP391
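
The abstract's combination of a sliding time window with weighted traffic and information-entropy features can be sketched as follows. This is an added illustration, not the authors' model or code. The log format, the choice of entropy over requested paths, and the values of `rate_cap`, `w_traffic`, `w_entropy` and `threshold` are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log ("ip timestamp path"); not data from the paper.
BASE = datetime(2018, 1, 1, 12, 0, 0)
SAMPLE_LOG = (
    # One address repeating a single request once per second for 30 s.
    [f"203.0.113.5 {(BASE + timedelta(seconds=i)).isoformat()} /login" for i in range(30)]
    # One address browsing a different page every 20 s.
    + [f"198.51.100.7 {(BASE + timedelta(seconds=20 * i)).isoformat()} /page{i}" for i in range(6)]
)

def shannon_entropy(items):
    """Shannon entropy (bits) of the empirical distribution of items."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values())

def score_ips(lines, width=60, step=30, rate_cap=20, w_traffic=0.6, w_entropy=0.4):
    """Return {ip: highest weighted score seen in any sliding window}."""
    events = []
    for line in lines:
        ip, ts, path = line.split()
        events.append((datetime.fromisoformat(ts), ip, path))
    if not events:
        return {}
    events.sort()
    start, last = events[0][0], events[-1][0]
    best = defaultdict(float)
    while start <= last:
        end = start + timedelta(seconds=width)
        paths_by_ip = defaultdict(list)
        for ts, ip, path in events:
            if start <= ts < end:
                paths_by_ip[ip].append(path)
        for ip, paths in paths_by_ip.items():
            # Traffic feature: request count, saturating at the assumed rate_cap.
            traffic = min(1.0, len(paths) / rate_cap)
            # Entropy feature: 1 when every request is identical, 0 when all differ.
            h_max = math.log2(len(paths)) if len(paths) > 1 else 0.0
            repeat = 1.0 - shannon_entropy(paths) / h_max if h_max else 0.0
            best[ip] = max(best[ip], w_traffic * traffic + w_entropy * repeat)
        start += timedelta(seconds=step)
    return dict(best)

def flag_ips(lines, threshold=0.7):
    """Addresses whose best window score reaches the assumed threshold."""
    return {ip for ip, s in score_ips(lines).items() if s >= threshold}

if __name__ == "__main__":
    print(score_ips(SAMPLE_LOG), flag_ips(SAMPLE_LOG))
```

Keeping the maximum score over overlapping windows means a short burst is still caught when it straddles a window boundary.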