
Design And Implementation Of Log Analysis System Based On Kernel Clustering Algorithm

Posted on: 2019-04-03
Degree: Master
Type: Thesis
Country: China
Candidate: F F Shao
GTID: 2438330545993143
Subject: Engineering

Abstract/Summary:
With the development of network technologies, the security of computer networks has received more and more attention. This is due to malicious network attackers who illegally intrude, steal or modify information, upload malicious information, and obtain password information from user hosts, or who occupy network resources and generate network traffic, causing irreparable harm. These threats not only affect the further development of computer networks, but also threaten the information security of network operations departments and of users' businesses. How to actively control and effectively defend against these illegal activities is therefore an urgent problem in the development of computer networks. As network security receives more and more attention, how to improve network security and how to conduct forensic analysis when a network has been compromised, so as to preserve evidence for combating intrusions, has become the key question of network forensics.
Therefore, the main purpose of this paper is to study evidence analysis and to design a log analysis system based on the kernel clustering algorithm. In tests with simulated attacks, the results were satisfactory. The work is summarized as follows:

(1) Drawing on current research in China and abroad, the author's own understanding of the area, and a review of a large body of literature, and considering the current state of research and development of such systems, a user survey was conducted and the system requirements were analyzed. This analysis accurately positioned the research direction of the system. The technologies relevant to system development were also studied, for example how to use Min Sniff to capture data, check data integrity, and how to use Web Service technology to build platforms.

(2) Building on relevant data mining knowledge and an understanding of clustering, an improvement to the traditional clustering algorithm is proposed. Testing shows that, with the improved algorithm, the collected log data can be analyzed quickly.

(3) Based on an investigation and analysis of user needs, the system's basic framework and the detailed functions of its internal modules are designed. The system is first designed at an overview level: the log analysis system is divided into two parts, a data acquisition part and an evidence analysis part. At the end of the design, the database tables were designed, and the log data collected by the system is stored in the database to ensure the integrity of the data and to make it easy to find.

(4) After the system design and the database design were completed, the C/S architecture model was adopted in the VS2008 development environment to implement the functions of each module of the log analysis system based on the kernel clustering algorithm. Finally, the system was tested, and the logs obtained were analyzed to evaluate system performance.
Keywords/Search Tags: Kernel clustering, Network forensics, Log analysis