Research And Application Of Security Analysis Technology For Campus Network Web Logs

The construction of information technology in universities is showing a vigorous development trend,and the campus network has become an important component of the school’s information technology construction.Students,teachers,and other staff can conveniently access and share information through the campus network for various learning and work activities.However,with this comes the constantly increasing risk of network attacks that the campus network is facing.These risks come from various malicious software,hackers,and other network security threats,which may result in sensitive data leaks,system crashes,and personal privacy breaches.Web logs record the access records of all users during server operation,including access requests from normal users and traces left by malicious users during network attacks.By analyzing web logs,administrators can understand the overall situation of server operation,and timely discover and investigate potential network security issues.However,current security analysis methods are difficult to cope with the challenges of the growing number of attacks and rapidly changing attack patterns.Therefore,a more intelligent security analysis technology is needed to detect the security status of campus network servers.This thesis focuses on the campus network web log as the research object,and uses data mining and deep learning methods to further study web log security analysis technology and apply it to the campus network.The main work of this thesis is as follows:(1)An automated method for extracting abnormal payloads from web logs is proposed,which efficiently retrieves attack behavior payloads by analyzing HTTP request payloads in web server logs using anomaly detection techniques.This method significantly improves data acquisition efficiency compared to manual sampling of attack samples.(2)A web log security analysis model is designed to detect attack behaviors in campus network web logs.It employs feature character analysis,access frequency analysis,and malicious request detection to identify various attack behaviors.Feature character analysis and access frequency analysis efficiently recognize known attack behaviors defined by predefined rules.This model enhances the accuracy and efficiency of attack detection compared to traditional methods.(3)A malicious request detection model that integrates multi-granularity features is proposed to identify unknown attack behaviors.By modeling web log requests at both word-level and characterlevel granularity and utilizing a fusion of multiple granularities for classification,this method accurately classifies and labels requests,thereby improving the accuracy of log security analysis compared to using single-granularity feature methods.(4)A campus network web log security analysis system is designed to present the server’s security status and log analysis results to users through an intuitive and user-friendly web interface.