
Research On Network Security Auditing Technology Based On Big Data Analysis

Posted on: 2019-03-14
Degree: Master
Type: Thesis
Country: China
Candidate: M Qian
Full Text: PDF
GTID: 2348330542998402
Subject: Information and Communication Engineering

Abstract/Summary:
Nowadays the Internet has been popularized across large areas and has brought tremendous convenience to people's lives. At the same time, various cyber attacks threaten the security of network infrastructure, enterprise services and personal hosts. Among them, DDoS attacks have become one of the most devastating cyber-attacks because of their destructive and covert nature. In order to detect DDoS attacks effectively, this paper studies the application of big data processing technology to network security auditing. The main work and innovations are as follows:

(1) We analyze the key technologies of DDoS attacks and the system architecture of traditional network security auditing systems. Traditional auditing systems have limited computing power and cannot detect DDoS attacks in real time through log analysis. Therefore, we propose detecting DDoS attacks by combining a big data stream processing framework with traditional network security auditing technology. The DDoS attack detection system based on the Spark Streaming framework designed in this paper verifies the feasibility of the scheme: it can process massive amounts of network data and detect DDoS attacks in real time. Its TCP session management module, built on Spark Streaming stream computation, combines the stream processing framework with a TCP session reassembly (reorganization) algorithm. This describes network traffic from the TCP session dimension and provides a new perspective for detecting DDoS attacks.

(2) Traditional DDoS attack detection methods have difficulty setting the detection threshold and identifying the attacking hosts. This paper proposes a DDoS attack detection algorithm based on a sliding average algorithm and a logistic regression binary classification algorithm to solve these problems. Stage 1 of the algorithm predicts the future traffic growth trend from the historical feature data within a sliding window; we then discuss the influence of the adaptive threshold on the detection result. Experiments show that the algorithm has high accuracy and recall. Stage 2 of the algorithm establishes a logistic regression binary classification detection model at the granularity of TCP sessions. We first use the TCP session reassembly algorithm to build sessions and update their feature vectors in real time, then generate the training set to solve the model, and finally discuss model tuning. Experiments show that the established model has high accuracy and recall when detecting attack sessions.

(3) This paper proposes several TCP-session-based features to describe network traffic, such as the duration of TCP sessions and the self-information of TCP access frequency. Observing the trend of each feature before and after an attack shows a significant difference, which demonstrates that the proposed features can distinguish normal traffic from abnormal traffic.
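As an added illustration (not the thesis's own code), the stage-1 detector from (2) and the self-information feature from (3), written as a pure-Python stand-in for the Spark Streaming pipeline: a sliding average with an adaptive threshold (`mean + k*std` over the window, with `window` and `k` as assumed parameters) is run over constructed per-interval packet counts, and the self-information of each source's session frequency is computed over constructed session records.

```python
"""Stage-1 sliding-average detector with an adaptive threshold, plus the
self-information feature of TCP access frequency from (3). Pure-Python
stand-in for the thesis's Spark Streaming pipeline; all inputs constructed."""
import math
from collections import Counter, deque

# Constructed per-interval packet counts: steady baseline, then a burst at
# intervals 7 and 8 that a fixed threshold would have to be hand-tuned for.
SAMPLE_COUNTS = [100, 110, 95, 105, 100, 102, 98, 900, 950, 104]

# Constructed (source, session_id) pairs: one source opens most sessions.
SAMPLE_SESSIONS = [("10.0.0.1", 1), ("10.0.0.1", 2), ("10.0.0.1", 3),
                   ("10.0.0.2", 4)]


def adaptive_threshold_alerts(counts, window=5, k=3.0):
    """Flag each interval whose count exceeds mean + k*std of the previous
    `window` intervals (the sliding average predicts the expected level; k
    scales the tolerance). Returns [(index, count, threshold)]. Alerted
    intervals are kept out of the history so a burst does not raise the
    threshold for the intervals that follow it (a design choice here)."""
    history = deque(maxlen=window)
    alerts = []
    for i, c in enumerate(counts):
        if len(history) == window:
            mean = sum(history) / window
            std = math.sqrt(sum((h - mean) ** 2 for h in history) / window)
            threshold = mean + k * std
            if c > threshold:
                alerts.append((i, c, round(threshold, 2)))
                continue
        history.append(c)
    return alerts


def access_self_information(sessions):
    """Self-information -log2(p) per source, where p is the source's share of
    all sessions in the window: a source flooding the window scores near 0,
    a rarely seen source scores high."""
    freq = Counter(src for src, _ in sessions)
    total = sum(freq.values())
    return {src: -math.log2(n / total) for src, n in freq.items()}


if __name__ == "__main__":
    print(adaptive_threshold_alerts(SAMPLE_COUNTS))
    print(access_self_information(SAMPLE_SESSIONS))
```

The window warms up on the first five intervals, so the threshold adapts to the observed baseline rather than being set by hand, which is the difficulty (2) attributes to traditional methods.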
Keywords/Search Tags: spark, ddos, network auditing, sliding averaging, logistic regression binary classification