安全態(tài)勢(shì)感知系統(tǒng)中K-Means算法的并行化研究
《信息技術(shù)與網(wǎng)絡(luò)安全》2020年第7期
江佳希,謝穎華
東華大學(xué) 信息科學(xué)與技術(shù)學(xué)院,上海201620
摘要: 大數(shù)據(jù)環(huán)境下的網(wǎng)絡(luò)安全事件層出不窮,安全態(tài)勢(shì)感知系統(tǒng)的應(yīng)用勢(shì)在必行。通過挖掘日志數(shù)據(jù)并進(jìn)行安全分析,可以實(shí)現(xiàn)對(duì)異常事件的追責(zé)與溯源,有效地減少網(wǎng)絡(luò)安全事故的發(fā)生。針對(duì)傳統(tǒng)K-Means算法時(shí)間開銷大、執(zhí)行效率低的問題,將改進(jìn)K-Means算法在大數(shù)據(jù)計(jì)算框架Hadoop上實(shí)現(xiàn)并行化,來滿足大數(shù)據(jù)下安全態(tài)勢(shì)感知系統(tǒng)日志安全分析的需求。實(shí)驗(yàn)表明,改進(jìn)后的算法在有效性和時(shí)間復(fù)雜度方面都優(yōu)于傳統(tǒng)算法。
中圖分類號(hào): TP311
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2020.07.006
引用格式: 江佳希,謝穎華. 安全態(tài)勢(shì)感知系統(tǒng)中K-Means算法的并行化研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2020,
39(7):36-40,51.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2020.07.006
引用格式: 江佳希,謝穎華. 安全態(tài)勢(shì)感知系統(tǒng)中K-Means算法的并行化研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2020,
39(7):36-40,51.
Research on parallelization of K-Means algorithm in security situation awareness system
Jiang Jiaxi,Xie Yinghua
School of Information Science and Technology,Donghua University,Shanghai 201620,China
Abstract: With the emergence of network security events in a big data environment, the application of security situation awareness systems is imperative. By digging log data and performing security analysis, we can achieve accountability and traceability to abnormal events, and effectively reduce the occurrence of network security incidents. Aiming at the problems of large time overhead and low execution efficiency of the traditional K-Means algorithm, the security situation awareness system in this paper improves the K-Means algorithm to achieve parallelization on the big data computing framework Hadoop,and to meet the needs of log security analysis under big data. Experimental results show that the improved algorithm is superior to traditional algorithms in terms of effectiveness and time complexity.
Key words : Hadoop;security situation;K-Means;data mining
隨著大數(shù)據(jù)時(shí)代的來臨,SQL注入攻擊、XSS攻擊等網(wǎng)絡(luò)安全事件層見疊出,給網(wǎng)絡(luò)安全帶來了巨大的挑戰(zhàn)。日志記錄著設(shè)備運(yùn)行狀態(tài),各種安全事件都會(huì)在系統(tǒng)中留下日志記錄,通過對(duì)日志進(jìn)行分析,可以挖掘重要信息,實(shí)時(shí)掌握網(wǎng)絡(luò)安全狀況,既可做到事前防護(hù),又可做到事后追本溯源及責(zé)任追查。
本文設(shè)計(jì)的安全態(tài)勢(shì)感知系統(tǒng)將采集到的日志文件送至分布式文件系統(tǒng)HDFS進(jìn)行存儲(chǔ),在Hadoop架構(gòu)上將改進(jìn)的K-Means算法和MapReduce高效的并行計(jì)算能力相結(jié)合,對(duì)存儲(chǔ)的日志進(jìn)行聚類和分析。安全態(tài)勢(shì)感知系統(tǒng)可以實(shí)時(shí)監(jiān)控網(wǎng)絡(luò)安全態(tài)勢(shì),實(shí)現(xiàn)日志分析追責(zé),有效地減少網(wǎng)絡(luò)安全事故的發(fā)生。系統(tǒng)采用高可用部署模式,具有可靠、易拓展、易維護(hù)以及可視化的特點(diǎn)。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://m.xxav2194.com/resource/share/2000003220
作者信息:
江佳希,謝穎華
(東華大學(xué) 信息科學(xué)與技術(shù)學(xué)院,上海201620)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。