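Research and Practice of Comprehensive Analysis Technology for Multi-Source Heterogeneous Logs

Published in: 南京信息工程大学学报 (Journal of Nanjing University of Information Science and Technology)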

Abstract

Multi-source heterogeneous log analysis is currently one of the most active research topics in network security, attracting growing interest from researchers in China and abroad. Based on the characteristics of multi-source logs in network systems, this paper proposes a comprehensive analysis model for multi-source heterogeneous logs that comprises focused analysis, statistical analysis, and causal correlation analysis. An importance evaluation method is introduced for the focused analysis of log information and is illustrated with an example; a causal correlation analysis algorithm for multi-source logs is then discussed. Finally, data from an actual network is used to validate the proposed comprehensive analysis model and algorithm. The results show that the model and algorithm are feasible and effective.
