Research On Monitor And Audit Of Website Security Based On Logs

The information when users visit the website is recorded by web server logs. Through analyzing this information, the visit details and website attackers can be found within a certain period of time, which will provide protection approach for the website security. But with the rapid increasing of users, logs also increases several times. Manual analysis to these logs is undoubtedly huge wok and also inefficient. Because the complexity of web site system, the attack behavior of attacker has become more and more complicated, the traditional matching mode has not been able to detect these attack behavior. Therefore, how to access these log information and analyse them for finding the suspicious attacker has become an urgent matter.According to the above problem, this paper design a site security monitoring and auditing system based on log (Monitoring and Auditing Website Security, MAWS) combining with an emergency center’s requirement. Firstly, this paper loaded log files from the FTP server in parallel with multi thread technology for improving the processing speed of the log files, then stored the log field information extracted form log files in the database in order to analyse them more simply. Secondly, this paper used session identification technology to analyse user’s log information for finding the session of the user and used the naive Bayes algorithm to classify the session feature samples of normal users and attackers for geting the abnormal behavior detection model. It has been tested this model can detect the rare web attack behavior effectively, thereby this model enhanced the attack detection ability of web site, which provides an effective way for the maintenance of website security. In summary, the main work of this paper includes two aspects as follows:1. Using parallel processing technology to load log files;2. Finding attack behavior through log field;3. Analyzing the log files for extracting the user session information effectively;4. Using the naive Bayes algorithm to classify the session feature samples of normal users and attackers for getting the abnormal behavior detection model.