Abstract
With the continual growth in the number and variety of network attacks, analysing the huge volume of attack logs produced by honeypot systems has become more difficult and time-consuming. It is very hard to infer an attacker's intent and behaviour from a single event, so honeypot research needs a holistic form of analysis, and data mining provides exactly such a tool. This paper first explains the principles of honeypot systems. It then takes real log data captured by the open-source honeypot Honeyd as an example and applies the Apriori association-rule mining algorithm to selected attributes of the logs, finding association rules between the attributes of different network-connection records and, from these rules, discovering and understanding attackers' behaviour and attack patterns. The work demonstrates that data mining techniques can feasibly be applied to honeypot log analysis.
With the significant increase in the amount and variety of network attacks, analysis of the huge volume of honeypot logs becomes more difficult and time-consuming; data mining technology is a tool for analysing the dataset as a whole and for improving the efficiency of this work. This paper first describes the principle of the honeypot system. Then the data mining algorithm Apriori is applied to the attributes of log data captured by Honeyd, an open-source honeypot solution, to identify association rules in the data, and these rules are used to discover and understand hackers' behaviour. The research also demonstrates the feasibility of data mining technologies in the field of honeypot log analysis.
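The Apriori step the abstract describes, as an added example in Python that is not code from the paper, from Honeyd or from this journal page: a few constructed connection records, loosely modelled on a Honeyd connection log (the assumed layout is timestamp, protocol, TCP flag, source IP, source port, destination IP, destination port; the paper's real log format and the attributes it chose are not reproduced here), are turned into transactions of attribute=value items, frequent itemsets are found level by level with candidate pruning, and rules with confidence and lift are derived from them. The sample data, the thresholds and the names parse_log, apriori, association_rules, mine and rule_index are this example's own assumptions.

```python
"""Apriori association-rule mining over honeypot connection records.

Added example, not code from the paper or from Honeyd. The log lines are
constructed and only loosely modelled on a Honeyd connection log; the real
Honeyd log format and the exact attributes the paper mined are not reproduced.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample. Assumed layout per line:
#   timestamp proto tcp-flag src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2011-03-01-10:00:01 tcp S 10.0.0.5 43122 192.168.1.10 445
2011-03-01-10:00:02 tcp S 10.0.0.5 43123 192.168.1.11 445
2011-03-01-10:00:03 tcp S 10.0.0.5 43124 192.168.1.12 445
2011-03-01-10:00:04 tcp S 10.0.0.5 43125 192.168.1.13 445
2011-03-01-10:01:10 tcp S 10.0.0.9 51000 192.168.1.10 22
2011-03-01-10:01:11 tcp S 10.0.0.9 51001 192.168.1.10 22
2011-03-01-10:01:12 tcp S 10.0.0.9 51002 192.168.1.10 22
2011-03-01-10:02:00 udp - 10.0.0.7 5060 192.168.1.10 5060
2011-03-01-10:02:01 udp - 10.0.0.7 5060 192.168.1.11 5060
2011-03-01-10:03:00 icmp - 10.0.0.3 0 192.168.1.10 0
"""


def parse_log(text):
    """Map each connection line to a transaction: a frozenset of attribute=value items.
    Timestamps and ephemeral source ports are dropped; their values are unique per
    line and could never reach a useful minimum support."""
    transactions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, proto, flag, src, _sport, dst, dport = line.split()
        transactions.append(frozenset({
            f"proto={proto}", f"flag={flag}", f"src={src}",
            f"dst={dst}", f"dport={dport}",
        }))
    return transactions


def apriori(transactions, min_support):
    """Return {itemset: support} for every itemset whose support >= min_support.
    Level-wise search: frequent k-itemsets are joined into (k+1)-candidates, and a
    candidate with any infrequent k-subset is pruned before it is counted."""
    n = len(transactions)
    counts = defaultdict(int)
    for t in transactions:
        for item in t:
            counts[frozenset([item])] += 1
    level = {s: c / n for s, c in counts.items() if c / n >= min_support}
    frequent = dict(level)
    k = 2
    while level:
        candidates = set()
        for a, b in combinations(level, 2):
            union = a | b
            if len(union) == k and all(
                frozenset(sub) in level for sub in combinations(union, k - 1)
            ):
                candidates.add(union)
        counts = defaultdict(int)
        for t in transactions:
            for c in candidates:
                if c <= t:
                    counts[c] += 1
        level = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        frequent.update(level)
        k += 1
    return frequent


def association_rules(frequent, min_confidence):
    """Derive rules antecedent -> consequent from each frequent itemset of size >= 2.
    confidence = support(X u Y) / support(X); lift = confidence / support(Y).
    Every subset of a frequent itemset is itself frequent, so the lookups never fail."""
    rules = []
    for itemset, sup in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante = frozenset(ante)
                cons = itemset - ante
                conf = sup / frequent[ante]
                if conf >= min_confidence:
                    rules.append((ante, cons, sup, conf, conf / frequent[cons]))
    return sorted(rules, key=lambda x: (-x[3], -x[2], sorted(x[0]), sorted(x[1])))


def mine(text=SAMPLE_LOG, min_support=0.3, min_confidence=0.8):
    """Full pipeline: parse, find frequent itemsets, derive rules."""
    frequent = apriori(parse_log(text), min_support)
    return frequent, association_rules(frequent, min_confidence)


def rule_index(rules):
    """(antecedent, consequent) -> confidence, for quick lookup of a specific rule."""
    return {(a, c): conf for a, c, _s, conf, _l in rules}


if __name__ == "__main__":
    frequent, rules = mine()
    print(f"{len(frequent)} frequent itemsets, {len(rules)} rules")
    for ante, cons, sup, conf, lift in rules[:10]:
        print(f"{{{', '.join(sorted(ante))}}} -> {{{', '.join(sorted(cons))}}}"
              f"  support={sup:.2f} confidence={conf:.2f} lift={lift:.2f}")
```

On the constructed sample a rule such as {dport=445} -> {proto=tcp, src=10.0.0.5} with confidence 1.0 expresses the pattern "one source probing port 445 across the honeypot's addresses", whereas {proto=tcp} -> {dport=445} fails the confidence threshold because most TCP connections in the sample go elsewhere. The thresholds and the choice of attributes decide what can be found: on real Honeyd logs with thousands of lines a support of 0.3 would keep only the most common attributes, and whether the full source address, its /24, the destination port or the protocol becomes an item determines which attack patterns the rules are able to express.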
Source
Information Security and Communications Privacy (信息安全与通信保密), 2011, No. 4, pp. 77-79 (3 pages)
Funding
Supported by the Shanghai Municipal Science and Technology Commission research programme project "Research on key technologies for tracking and locating the Internet dissemination of written works" (grant no. 09dz1501202).
Keywords
Honeypot
log analysis
data mining
association rule