Behavioral Topology Analysis Based On Network Log

Posted on: 2020-10-23
Degree: Master
Type: Thesis
Country: China
Candidate: J W You
GTID: 2428330572971193
Subject: Electronic Science and Technology

Abstract/Summary:
With the continuous development of science and technology, the Internet has penetrated into every aspect of people's daily study and life. The Internet brings a wealth of information resources to people. However, alongside the convenience and speed of network services, their openness also provides an opportunity for attackers. While network applications develop rapidly, the methods and scale of network attacks are also rapidly iterating and developing. As the record of user behavior, web logs have inevitably become another important research topic in network security. In recent years, many anomaly detection methods based on web log analysis have been proposed. However, most of these methods focus on the content of a single web log and ignore the relationship between users and web logs. The main work of this paper is as follows:

1. A network log data model is established. String attributes and character distribution information are selected as features to compare normal logs with abnormal logs. Two unsupervised log anomaly detection methods are applied to classify network logs, and their limitations are pointed out. The behavioral topology network of the network log is constructed, and statistical characteristics of complex networks such as degree distribution, aggregation coefficient and median are analyzed.

2. A log anomaly detection algorithm based on user behavior is proposed. A user behavior network is established based on the behavioral topology of the network log. Combining the network structure with the characteristics of abnormal users, five indicators are proposed to determine the abnormal users and the abnormal logs. Experimental verification shows that the performance of this algorithm is better than that of other unsupervised algorithms. An attack detection algorithm is improved so that the scope of log detection extends from logs with parameters to all logs, and this algorithm is used to evaluate abnormal users and abnormal logs.

3. The behavioral topology of the network log is abstracted into a two-tier cascading failure model. A cascading failure model with dynamic dependency groups and repair mechanisms is constructed, and the way in which the two layers interact is defined. A theoretical analysis of the proposed model is given and the expression for the largest connected branch is derived. Simulation experiments confirm the theoretical solution. Factors affecting the multi-layer network cascading failure model are studied. Simulation experiments show that the proportion of dependent nodes is related to the size of the dependent groups and the robustness of the network. In addition, increasing the tightness of the network connections can also make the network more robust.
Keywords/Search Tags: anomaly detection, behavior topology, unsupervised, cascade failure