| As the Information-based degree of our country improves, security becomes more significant. Many kinds of security products are adopted by corporations and users to guarantee the network security. However, most of these products are incompatible, independent with each other, and cannot work as a whole. Since security products have comparatively perfect log and alert system, by using security audit mechanism, collecting and analyzing the data of log and alert from security products, finding the rules of data, important information of security can be provided, and then, systematic efficiency can be integrated.In this paper, the requirement of our research is analyzed, and security audit mechanism is studied. Based on them, the model of the Integrated Security Auditing System for Campus Network Based on Data Mining is designed, which collects log and alert data from many network security products. So, an idea of fusing network security products efficiency is bring forward.Based on the design of model, the key technology in log data analyzing is researched. By clustering algorithm of Data Mining, DBSCAN, the process of disposing log data is quantized, and the process is realized to validate our model. This method resolves the problem of log data integrating efficiently. The result indicates the model can find the clusters of log data, which are close and help the users to judge the operating and security status of the whole network.Aimed at the limitation of the DBSCAN algorithm in determining parameters, by dividing data into several parts based on grid, a method is improved to get some values of Eps, which is a parameter of DBSCAN. This method can determine more appropriate parameters and achieves better performance in the case of asymmetric density and interlaced clustering shape. |
PDF Full Text Request