Security Event Analysis Based On Multi-Source Logging Of Campus Network

Posted on: 2018-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhu
GTID: 2428330569985437
Subject: Computer technology
Abstract/Summary:
The specialization of attack tools and the growing complexity of network attacks have made network security an unavoidable problem. Deploying various security devices in computer network systems has solved the problem to a certain extent, but it can no longer meet the high availability and high reliability that network users expect, or guarantee the security of the computer system. Log analysis has therefore been put forward as a new solution, but with the explosive growth of log data and an endless stream of new log formats, mining valuable information from massive logs and finding potential problems becomes more and more difficult. A security event analysis system based on the multi-source logs of a campus network is designed and implemented to handle the multi-source heterogeneous logs in the campus network. The HDFS distributed file system serves as the log storage platform and the Spark big data processing framework as the log analysis platform, and the association relations among attack behaviors in the network are obtained through experiments. Log data from different sources and in different formats is first cleaned to remove the many erroneous records and missing values. For each specific log type, regular expressions are written, and their capture groups are used to extract fields from the text log entries. A feature selection algorithm reduces the redundancy between data attributes and lowers the data dimension, improving data quality. By combining data mining methods such as statistics and machine learning, hidden, unknown, and abnormal potential rules or patterns are found. Association analysis of the alarm logs generated by the various devices reveals users' behavior in the network, which is then used to determine the nature of each user's network access behavior. The experimental results show that attacker behavior can be effectively discovered by analyzing the multi-source logs and constructing an abnormal behavior rule base.
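The normalization and association steps described in the abstract, as an added example that is not code from the thesis: it uses plain Python rather than Spark, and the two log formats, the field names, and the five-minute window are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two hypothetical formats (not from the thesis).
FIREWALL = ["2018-05-01 10:00:01 DENY src=10.1.2.3 dst=192.0.2.10 dport=22",
            "2018-05-01 10:07:00 DENY src=10.9.9.9 dst=192.0.2.10 dport=80",
            "corrupted line with no fields"]
IDS = ['[05/01/2018-10:00:30] alert "SSH brute force" 10.1.2.3 -> 192.0.2.10',
       '[05/01/2018-11:30:00] alert "Port scan" 10.9.9.9 -> 192.0.2.10']

# One regex per source; named capture groups map onto a shared schema.
PATTERNS = {
    "firewall": (re.compile(r"^(?P<ts>\S+ \S+) (?P<event>DENY|ALLOW) "
                            r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)"),
                 "%Y-%m-%d %H:%M:%S"),
    "ids": (re.compile(r'^\[(?P<ts>[^\]]+)\] alert "(?P<event>[^"]+)" '
                       r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)"),
            "%m/%d/%Y-%H:%M:%S"),
}

def normalize(source, lines):
    # Cleaning: lines that do not match the source's pattern are dropped.
    pattern, ts_format = PATTERNS[source]
    records = []
    for line in lines:
        m = pattern.match(line)
        if m:
            rec = dict(m.groupdict(), source=source)
            rec["ts"] = datetime.strptime(rec["ts"], ts_format)
            records.append(rec)
    return records

def correlate(records, window=timedelta(minutes=5)):
    # Flag a src IP when two different devices report it within `window`.
    by_src = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_src[rec["src"]].append(rec)
    flagged = {}
    for src, recs in by_src.items():
        for a, b in zip(recs, recs[1:]):
            if a["source"] != b["source"] and b["ts"] - a["ts"] <= window:
                flagged[src] = [a["event"], b["event"]]
                break
    return flagged

if __name__ == "__main__":
    print(correlate(normalize("firewall", FIREWALL) + normalize("ids", IDS)))
```

Checking only time-adjacent records per source address is sufficient here: any cross-device pair inside the window implies an adjacent cross-device pair that is at least as close.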
Keywords/Search Tags: Network security, Multi-source log, Data analysis