| By Web log analysis,we can not only detect intrusions but also identify security vulnerabilities and take measure to prevent attack in time.Manually analyzing large volumes of log files is time-consuming and low productivity.It is very necessary to build an intrusion detection system for safety analysis of Web log.According to the actual situation of Shijiazhuang Institute of railway technology website, using pattern matching intrusion detection technology, the author design an intrusion detection system based on Web log.Several key technical problems for implementing this system are how to efficiently collect data,how to make a reliable description of attack signatures and which algorithm used to quickly and accurately detect attacks. To store log data into database,we can take full advantage of database technology for data management and processing.In this paper,according to the features of Web log, the author designs a method for automatic acquisition of Web log data through DTS.The method implements importing Web log data to SQL server databse through Data Transformation Services every hour.Then the author summarizes the attack characteristics by post-moterm analysis for large number of Web application attack log and implemented the attack signatures database. Last, the author constructs the system's intrusion detection scheme using an improved algorithm of BM pattern matching.The system is structurally composed of four modules:data collecting module,database managing module, security analysis module and monitoring platform module. The paper makes a detailed description on the four modules. The system based on B/S structure and is implemented on the.NET Development Platform. The last part of this paper makes a summarization of all the work and the prospective of the future job. |
PDF Full Text Request