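Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2014, Vol. 37 ›› Issue (2): 93-98. doi: 10.13190/j.jbupt.2014.02.020

• Research Report •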

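Research on Security Analysis Techniques for Web Access Logs

ZHANG Feng1, FU Jun1, YANG Guang-hua1, JING Yi-xin2, TANG Wei2

  1. China Mobile Research Institute, Beijing 100032;
  2. Wuhan Huagonganding Information Technology Company, Wuhan 432100
  • Received: 2013-10-18 Online: 2014-04-28 Published: 2014-04-08
  • About the author: ZHANG Feng (1977- ), male, senior engineer, E-mail: zhangfeng@chinamobile.com.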

Research of Web Access Log Analysis of Security Technology

ZHANG Feng1, FU Jun1, YANG Guang-hua1, JING Yi-xin2, TANG Wei2   

  1. China Mobile Research Institute, Beijing 100032, China;
  2. Wuhan Huagonganding Information Technology Company, Wuhan 432100, China
  • Received: 2013-10-18 Online: 2014-04-28 Published: 2014-04-08

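Abstract:

Traditional Web vulnerability scanning and protection techniques are insufficient to assess in real time the threat situation faced by the Web server itself. To address this, for the security threat situation of Web servers in large, complex environments, a Web-log-based security threat analysis method and system is proposed. The system extracts and analyzes security threat events from massive logs and, based on a threat behavior feature model, identifies the various threats the Web site has been subjected to and generates a composite risk index for the site, which helps the site harden itself in a targeted way and strengthen its overall defensive capability.

Keywords: Web security, log analysis, risk assessment, Web server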

Abstract:

With the vigorous development of the Chinese Internet industry, Web services are increasingly applied in domains such as government, education, finance and telecom to deliver services such as e-government affairs, business promotion and online trading. Security threats against Web services are greater than ever before. Traditional vulnerability scanning and defense technology is insufficient to evaluate the threat trend faced by a Web server. Aiming at analysis of the threat trend of Web servers in large-scale complex environments, this paper proposes a method and system for security threat analysis based on Web logs. It extracts security threat events from a mass of logs and then analyzes them. Using a characteristic model of threat behavior, it is able to accurately find all kinds of threats to the Web site. It also produces a comprehensive risk index for the Web site, which helps the site harden itself in a targeted way and strengthen its integrated defense capability.

Key words: Web security, log analysis, risk evaluation, Web server

CLC number: