
Correlation Analysis Of Device Log Based On FP-Growth Algorithm

Posted on: 2017-06-30
Degree: Master
Type: Thesis
Country: China
Candidate: P L Liu
Full Text: PDF
GTID: 2348330518996670
Subject: Electronics and Communications Engineering
Abstract/Summary:
As network technology develops, network security problems are becoming more serious and the potential security risks on the Internet keep growing. The Distributed Denial of Service (DDoS) attack is one of the attacks most frequently used by attackers: by sending a large number of ICMP echo messages into the network it causes ICMP flooding, and the target has to spend so much time and so many resources handling the ICMP echo messages that it cannot serve normal requests and responses. Locating the source of the attack and extracting attack information is therefore of great importance for resisting ICMP flooding attacks. Log analysis is an important method for tracing the attack path, but it often suffers from low accuracy when processing massive logs.

This thesis proposes a log analysis method for ICMP flooding based on the FP-Growth algorithm and, on the basis of this scheme, implements a log analysis system. The method uses the frequent pattern mining algorithm FP-Growth to find frequent pattern sets in the log records; an IP backtracking algorithm is then applied to these frequent pattern sets to extract the path information of the ICMP flooding attack from source to target.

The system model consists of five modules: Selecter, Processer, Analyser, Servicer and Database. The Selecter module collects the logs produced by network devices; the Processer module filters and formats those logs into log records; the Analyser module holds the analysis logic and is the key part of the log analysis system; the Database module stores the results produced by the modules above; and the Servicer module displays the result information.

An ICMP flooding attack was simulated and the system analysed the resulting logs and found the attack path from source to target. The experimental results show that the method is more accurate than the previous algorithm, with accuracy increased by 25%, and that the system ultimately extracts the attack information.
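The mining-then-backtracking step described in the abstract, as an added example in Python (not the thesis's own code, system or data): a compact FP-Growth miner is run over constructed syslog-style ICMP log lines from three devices, the frequent (src, dst, ICMP, echo-request) pattern is used to pick out the flood flow, and the devices that logged that flow are ordered source-to-target by the TTL each observed. The log format, the device names R1/R2/FW, the addresses, the min_support threshold and the TTL-based ordering are all assumptions; the abstract does not specify the thesis's log schema or its IP backtracking algorithm.

```python
"""Added example (not the thesis's code): FP-Growth over ICMP-flood device logs,
then a TTL-ordered source-to-target path. Log format, device names, addresses
and the TTL ordering heuristic are all assumptions made for this example."""
import re
from collections import defaultdict

# Constructed records from three assumed devices on the path; TTL drops per hop.
_FLOOD_HOPS = [("R1", 64), ("R2", 63), ("FW", 62)]
LOG_LINES = [
    f"2017-05-10T10:00:{i:02d} {dev} ICMP echo-request src=10.0.0.5 dst=192.168.1.10 ttl={ttl}"
    for i in range(6) for dev, ttl in _FLOOD_HOPS
] + [  # constructed background traffic that must not become a frequent pattern
    "2017-05-10T10:00:01 R1 ICMP echo-request src=10.0.0.7 dst=192.168.1.20 ttl=64",
    "2017-05-10T10:00:02 R2 ICMP echo-request src=10.0.0.7 dst=192.168.1.20 ttl=63",
    "2017-05-10T10:00:03 R1 ICMP echo-reply src=192.168.1.20 dst=10.0.0.7 ttl=60",
    "2017-05-10T10:00:04 FW ICMP echo-request src=10.0.0.9 dst=192.168.1.10 ttl=61",
]
_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) src=(\S+) dst=(\S+) ttl=(\d+)$")

def parse(line):
    """One raw line -> field dict (the filtering/formatting step); malformed lines give None."""
    m = _LINE.match(line)
    if not m:
        return None
    ts, dev, proto, itype, src, dst, ttl = m.groups()
    return {"ts": ts, "dev": dev, "proto": proto, "type": itype,
            "src": src, "dst": dst, "ttl": int(ttl)}

def to_transaction(rec):
    """Item set for mining: key=value items, leaving out timestamp and TTL."""
    return {f"{k}={rec[k]}" for k in ("dev", "proto", "type", "src", "dst")}

class _Node:
    def __init__(self, item, parent):
        self.item, self.count, self.parent, self.children = item, 0, parent, {}

def fp_growth(transactions, min_support, _prefix=()):
    """Standard FP-Growth: every item set with absolute support >= min_support.
    transactions is a list of (items, weight); returns {frozenset(items): support}."""
    counts = defaultdict(int)
    for items, w in transactions:
        for i in set(items):
            counts[i] += w
    freq = {i: c for i, c in counts.items() if c >= min_support}
    root, header = _Node(None, None), defaultdict(list)
    for items, w in transactions:  # build the FP-tree, items in descending support order
        node = root
        for i in sorted((i for i in set(items) if i in freq), key=lambda i: (-freq[i], i)):
            child = node.children.get(i)
            if child is None:
                child = node.children[i] = _Node(i, node)
                header[i].append(child)
            child.count += w
            node = child
    patterns = {}
    for item in sorted(freq, key=lambda i: (freq[i], i)):  # least frequent first
        pattern = _prefix + (item,)
        patterns[frozenset(pattern)] = freq[item]
        cond_base = []  # conditional pattern base: prefix paths ending at `item`
        for node in header[item]:
            path, p = [], node.parent
            while p.item is not None:
                path.append(p.item)
                p = p.parent
            if path:
                cond_base.append((path, node.count))
        if cond_base:  # mine the conditional FP-tree recursively
            patterns.update(fp_growth(cond_base, min_support, pattern))
    return patterns

def flood_flows(patterns):
    """(src, dst) pairs whose echo-request pattern is frequent: the flood candidates."""
    flows = {}
    for pat, sup in patterns.items():
        if len(pat) == 4 and {"proto=ICMP", "type=echo-request"} <= pat:
            src = next((i[4:] for i in pat if i.startswith("src=")), None)
            dst = next((i[4:] for i in pat if i.startswith("dst=")), None)
            if src and dst:
                flows[(src, dst)] = sup
    return flows

def attack_path(records, src, dst):
    """Assumed backtracking step: devices that logged the flow, ordered source-to-target
    by the highest TTL each observed (TTL is decremented at every hop)."""
    ttl_at = {}
    for r in records:
        if (r["src"], r["dst"], r["type"]) == (src, dst, "echo-request"):
            ttl_at[r["dev"]] = max(ttl_at.get(r["dev"], 0), r["ttl"])
    return [dev for dev, _ in sorted(ttl_at.items(), key=lambda kv: -kv[1])]

def analyse(lines, min_support):
    """Pipeline: parse -> mine -> pick flood flows -> reconstruct each flow's path."""
    records = [r for r in map(parse, lines) if r]
    patterns = fp_growth([(to_transaction(r), 1) for r in records], min_support)
    return {flow: attack_path(records, *flow) for flow in flood_flows(patterns)}

if __name__ == "__main__":
    for (src, dst), path in analyse(LOG_LINES, min_support=10).items():
        print(f"ICMP flood {src} -> {dst} via {' -> '.join(path)}")
```

With the constructed input the only pattern that clears the threshold is the 18-record flood flow 10.0.0.5 -> 192.168.1.10, and the TTL ordering yields the path R1 -> R2 -> FW; the background flows stay below support and never appear. Two practical caveats: an absolute min_support has to be chosen relative to the log volume per window, and the TTL heuristic assumes the attacker does not vary the initial TTL and that every hop logs it, so a real deployment would cross-check it against device adjacency.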
Keywords/Search Tags: Log, IP backtrack, ICMP flooding, Pattern