Research And Implementation Of Security Audit System Based On Real-Time Computing

The development of Internet technology has brought great convenience to people's lives,but at the same time,potential security problems pose great threaten to people's work and life.Audit system based on log data can effectively reduce network security risks.The traditional audit methods based on log data use offline methods to process data.Those methods tend to deal with a large number of data at the same time,with poor real-time performance.Aiming at the above problem,this paper builds a URL-based security audit model,and completes the research and implementation of a real-time computing-based security audit system.The main work of this paper is as follows:1.Analyze common URL audit result classification schemes,and designed a set of feasible fine-grained classification schemes for the phenomenon that the classification granularity of the existing schemes is too coarse:on the basis of balancing the refinement of classification results and the cost of auditing,malicious URLs are subdivided,which effectively reduces the cost of subsequent problems'positioning;2.Summarize the URL character features proposed by the predecessors:URL length,path length,etc.,add type features when extracting features,and propose an online feature extraction model based on character features and type features.The model is proved to be more effective;3.In real-time computing scenario,traditional random forest classification algorithm need to be polished,as the result of which an incremental random forest algorithm based on the time window is proposed.To finish the algorithm,this paper designs the random sampling scheme at the decision tree side and the incremental decision tree construction algorithm.Experiments show that the improvement plan is effective;4.Construct an audit system,based on the Flink,a real-time computing framework,and the security audit model proposed in this paper,and the system is proved to be useful and reliable.This paper constructs a security audit system based on real-time computing technology.The results of experiments show that this system is effective and can audit data in real time.