
Based On Log Analysis, Network Intrusion Detection System

Posted on: 2008-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: X Cheng
Full Text: PDF
GTID: 2208360215485038
Subject: Computer software and theory
Abstract/Summary:
The rapid growth of networks has made distributed computing the mainstream for all kinds of applications. Because the Internet is open, interconnected and shared, it has become easier and easier for others to attack a network. In the past few years the variety and number of attacks against critical Internet resources has increased. How to deal with this situation, and how to respond to threats as soon as they appear, has become a hot topic in the field of network security.

Some new kinds of IDS exist (for example Cisco's Mars system and eSecurity's SEM system). Their characteristic is that they have some ability to judge abnormal attack patterns and can respond actively to threats from the Internet. But they have the disadvantages of high cost and a lack of interfaces to third-party products, so they are not widely accepted in our country.

Here we design and implement a log gathering system. By mining this log information with mathematical statistics and correlating it, we can recognise the most dangerous attacks in the network with a reduced false-alarm rate, and share the information with an active protection system.

The logs our system collects contain too much useless information; without pretreatment, the useless information would flood the useful information. We use data-mining methods to handle it: sorting methods remove the useless information, statistical methods mine what remains, and finally the different logs are associated with one another. We use clustering methods to find DoS attacks and Internet worms, and matching methods to find some high-risk hacker attacks; in this way we find the high-risk network attacks on the Internet. We associate the different logs by timestamp, which decreases the false-alarm rate, and we share the information with the active defence system, which raises its efficiency and accuracy.
Keywords/Search Tags: IDS, syslog, data gathering engine, log analysis
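As an added illustration (not code from the thesis), the following Python sketches the pipeline the abstract describes over constructed syslog lines: a sorting step that discards noise entries, a clustering step that flags a burst of firewall drops from one source, a signature-matching step for high-risk web requests, and a timestamp association of the two logs that raises only corroborated hits to high severity. The sample log lines, regexes, thresholds and severity labels are all assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample syslog lines (hypothetical, not data from the thesis).
FIREWALL_LOG = [
    "Jan 12 10:00:00 fw cron: CRON session opened for root",
    "Jan 12 10:00:01 fw kernel: DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=80",
    "Jan 12 10:00:02 fw kernel: DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=80",
    "Jan 12 10:00:03 fw kernel: DROP SRC=10.0.0.5 DST=192.168.1.10 DPT=80",
    "Jan 12 10:00:30 fw kernel: DROP SRC=10.0.0.9 DST=192.168.1.10 DPT=22",
]
WEB_LOG = [
    "Jan 12 10:00:03 web httpd: 10.0.0.5 GET /cgi-bin/../../etc/passwd 404",
    "Jan 12 10:06:00 web httpd: 10.0.0.8 GET /app/../../etc/passwd 404",
]
SYSLOG_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")
NOISE = re.compile(r"\bCRON\b|session opened")   # assumed noise, discarded in pretreatment
HIGH_RISK = re.compile(r"\.\./|/etc/passwd")     # one assumed signature standing in for a list

def pretreat(lines, year=2008):
    """Sorting step: parse BSD-syslog lines and drop unparsable or noise entries."""
    kept = [m for m in map(SYSLOG_RE.match, lines) if m and not NOISE.search(m.group(4))]
    return [{"ts": datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), "msg": m.group(4)} for m in kept]

def cluster_drops(events, window=10, threshold=3):
    """Clustering step: per source, flag `threshold` DROPs inside any `window`-second span."""
    by_src = {}
    for e in events:
        if m := re.search(r"DROP SRC=(\S+)", e["msg"]):
            by_src.setdefault(m.group(1), []).append(e["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window:
                flagged[src] = times[i]  # start of the first burst from this source
                break
    return flagged

def correlate(fw_lines, web_lines, skew=60):
    """Association step: a web hit corroborated by a burst from the same source within `skew` s is 'high'."""
    bursts = cluster_drops(pretreat(fw_lines))
    alerts = []
    for e in pretreat(web_lines):
        src = e["msg"].split(" ", 1)[0]
        if HIGH_RISK.search(e["msg"]):
            near = src in bursts and abs((e["ts"] - bursts[src]).total_seconds()) <= skew
            alerts.append({"src": src, "ts": e["ts"], "severity": "high" if near else "medium"})
    return alerts
```

Running `correlate(FIREWALL_LOG, WEB_LOG)` on the constructed lines yields one high alert for 10.0.0.5 (signature hit plus a drop burst two seconds earlier) and one medium alert for 10.0.0.8, whose hit has no firewall corroboration.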