In this paper,a dynamic malicious web page detection model is designed and implemented,and based on mining the data of Capture-HPC honeypot logs,the high false-alarm rate problem in honeypot system has been solved.The system converts honeypot logs into operation and data mining sequences,from which the attribution feature information can be extracted effectively by cluster analysis,and be the white and black list of diferentiation basis after optimisation.In the paper we validate through an experiment the rationality of the model design and the effectiveness of model in false-alarm reduction.%设计并实现一种恶意网页动态检测模型.模型通过对Capture-HPC蜜罐日志进行数据挖掘的方法,解决了蜜罐系统检测误警率过高的问题.通过将蜜罐日志转换成操作序列和挖掘序列,可以有效地通过聚类分析提取属性特征信息,并优化作为判别依据的黑白名单.通过实验验证了模型设计的合理性,以及模型降低误警率的有效性.
展开▼