Network Security Detection And Implementation Based On Logfile Data Mining

Posted on: 2015-08-31
Degree: Master
Type: Thesis
Country: China
Candidate: J Y He
GTID: 2428330488499816
Subject: Computer technology
Abstract/Summary:
In network systems, log analysis and management play an important role in the security of the network information system. Logs record the running states of the switching equipment in the network system. Once the equipment fails, the system administrator can view the log information to solve network problems. This paper originates in the ICT sector of a power supply company. The existing log management system cannot be applied directly to this sector, which has special requirements for its network environment and security. Therefore, according to the characteristics of the network structure and the application requirements, this paper designs and develops a log analysis management system. The main work is as follows. First, this paper analyzes the log analysis and management tools in use, discusses the typical log acquisition mode, and compares current log analysis approaches for cyber attack threats. Second, this paper proposes a network logfile security testing framework and workflow, and improves the k-means clustering algorithm with an adaptive genetic algorithm whose crossover and mutation operators are improved. Simulation experiments show that, compared with the traditional algorithm, the proposed algorithm has stronger clustering ability and can be applied effectively to network security log analysis, thereby strengthening the performance of the network security protection system. Third, the specific functions of the proposed system are implemented in seven modules: the log collection module, the registration and login authentication module, the log classification module, the log information management module, the report generation module, the attack and warning module, and the export data module. The system provides many functions in network systems, such as the collection, storage, query, statistics and analysis of log data. Based on the warning information about network attacks that the log information provides, maintenance personnel can be informed of security alerts in a timely manner. Administrators can obtain meaningful log analysis data from the collected data to learn the running states of the network devices and to manage the network equipment logs centrally.
Keywords/Search Tags:Network Security, Log Analysis, Data Mining, Genetic Algorithm, K-means Clustering Algorithm