| 摘 要: 随着网络应用的发展,针对Web服务的恶意攻击也日益增多,如何在第一时间找到恶意的攻击日志,确认攻击者IP和漏洞位置,为后续的漏洞修补和攻击溯源提供有效帮助,是本文的研究重点。本系统通过漏洞测试工具收集恶意请求URL,使用Python的Sklearn(Scikit-learn)框架实现SVM(Support Vector Machines, 支持向量机)模型,对收集到的恶意URL进行关键词和特征提取,再对模型进行训练,训练结果通过Pickle方式保存。使用本系统可以对常见的漏洞利用方式如SQL注入、XSS、远程代码执行等进行检测,为Web服务的安全运行以及漏洞修复、重新上线等提供有效帮助,减少漏洞攻击事件带来的损失。 |
| 关键词: SVM;日志审计;机器学习 |
|
中图分类号: TP315
文献标识码: A
|
| 基金项目: 2021年徐州工程学院大学生创新训练项目(xcx2021322,xcx2021318);2020年徐州工程学院大学生创新创业基金项目(2020047). |
|
| Design and Implementation of Log Analysis System based on Machine Learning |
|
WANG Ke, KANG Xiaofeng, ZHANG Baichuang, CAI Chaoping, ZHANG Yifan
|
(College of Information Engineering, Xuzhou Institute of Technology, Xuzhou 221000, China )
admi1n@163.com; kxfeng07@163.com; 2936937335@qq.com; syldyx2020@163.com; 2475313260@qq.com
|
| Abstract: With the development of network applications, malicious attacks against Web services are also increasing. The research focuses on how to find the malicious attack log at the first time, confirm the attacker's IP and vulnerability location, and provide effective help for subsequent vulnerability repair and attack traceability. Malicious request URLs are collected through vulnerability testing tools and Python's Sklearn (Scikit-learn) framework is used to implement SVM (Support Vector Machines) model. Keywords and features are extracted from the collected malicious URLs and then the odels are trained. The training results are saved in Pickle mode. This system can detect common vulnerability utilization methods such as SQL (Structured Query Language) injection, XSS (Cross Site Script), remote code execution, etc., and provide effective help for the safe operation of Web services, vulnerability repair and re-launch, so to reduce the losses caused by vulnerability attacks. |
| Keywords: SVM; log audit; machine learning |
