Telecom Operators Personnel Behavior Analysis In The Research And Design

With the development of science and technology,the computer has deep into our work,study and life.The network has brought us convenience,but it also produces a variety of security issues.In order to strengthen the employees' work behavior norms and ensure the company's core data security,we use hadoop technology as a data storage and processing technology framework to collect and audit the user logs,so that we can analyze the existence of security risks and response in time.User behaviors that need to be audited includes:login behavior,account management,password modification,rights management,system operating behavior,network applications,file transfer,mail and file transfer protocol.The thesis analyzes and researches the users' behavior from four aspects.1)Design of audit rule generation model:Rules are divided into rule headers and rule options,and define their own grammar.Using the Apriori algorithm to mining the strong association rules and the administrator define in two ways to improve the rule base.In view of the shortcomings of Apriori algorithm,it is optimized by adding mark in the useless transaction records that generate frequent itemsets,and improve the efficiency of association rules mining.2)Log collection:In this thesis,we use multi-point distributed data collection to combine the host data source and networks data source.We use Flume and Kafka open source software.Flume can customize various data senders for collecting data.Kafka can not only implement the data cache,but also use the theme and the partition for data classification and load balancing.3)Design and implement the audit system:Based on the optimization of Apriori algorithm,we mining the user's strong association rules and generate rule base.We use the feature matching,frequency analysis,correlation analysis and key words analysis methods to audit the user's behavior.And for abnormal behavior,we will send the audit result to the security administrator,then the administrator makes decisions based on the feedback of audit results.4)The efficiency of the algorithm audit is tested by changing the support degree and the log audit quantity,and the accuracy of the audit is tested by the preset abnormal test,and it is concluded that the improved algorithm is feasible and the stability of the system by the result of the audit of effective analyses.