Degree: 碩士 (Master's)
Institution: 國立中正大學 (National Chung Cheng University)
Department: 資訊工程研究所 (Institute of Computer Science and Information Engineering)
Academic year: 106 (ROC calendar)

Summary: Log analysis is an important method of anomaly detection, and abnormal behavior must be identified from many kinds of logs in a complex network. In a high-speed network (e.g., 40 to 100 Gbps), the log volume becomes larger than ever. In this work, we propose a method based on Pearson's chi-squared test and belief propagation to identify and analyze regular network activities, which typically come from automated programs. Hosts showing such activity are running some kind of automated behavior, which may include suspicious behavior. We combine port-number and host-name features with connection regularity to find anomalous network activities in the network log. The analysis result is fed back to update the monthly blacklist used in the belief propagation. In an evaluation on real network traffic from the campus of National Chung Cheng University from April to May 2017, we identify hosts with suspicious connections among those with highly regular connections. The resulting list of suspicious activities helps the computer center pay attention to hosts that are suspicious but have not yet been noticed or banned.
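The connection-regularity test described in the summary, as an added example that is not code from the thesis: since the page does not state the exact feature or thresholds used, it assumes one plausible form (a host's per-hour connection counts over a day, tested with Pearson's chi-squared against a constant-rate expectation, with an assumed p-value cutoff) and runs on constructed timestamps using only the standard library.

```python
# Added example (not code from the thesis): screen hosts for clock-like
# connection regularity with Pearson's chi-squared test, stdlib only.
# ASSUMPTION: the feature is a host's per-hour connection count over one
# day, tested against a constant-rate expectation; the thesis's exact
# feature and thresholds are not given on the page.
import math
from collections import Counter

def chi2_sf(x, df):
    """P(X > x) for chi-squared with integer df (A&S 26.4.4 / 26.4.5)."""
    if x <= 0:
        return 1.0
    if df % 2 == 0:                        # even df: finite series
        term, total = 1.0, 1.0
        for r in range(1, df // 2):
            term *= (x / 2) / r
            total += term
        return math.exp(-x / 2) * total
    chi = math.sqrt(x)
    tail = math.erfc(chi / math.sqrt(2))   # 2*Q(chi), standard normal tail
    z = math.exp(-x / 2) / math.sqrt(2 * math.pi)
    term, total = 0.0, 0.0
    for r in range(1, (df - 1) // 2 + 1):  # chi^(2r-1) / (1*3*...*(2r-1))
        term = chi if r == 1 else term * x / (2 * r - 1)
        total += term
    return tail + 2 * z * total

def regularity_pvalue(timestamps_hours):
    """Goodness of fit of hourly connection counts to a flat rate.
    p near 1: steady, automated-looking; p near 0: bursty, human-like."""
    counts = Counter(int(t) % 24 for t in timestamps_hours)
    expected = len(timestamps_hours) / 24
    stat = sum((counts.get(h, 0) - expected) ** 2 / expected
               for h in range(24))
    return chi2_sf(stat, 23)

def flag_regular_hosts(log, alpha=0.5):
    """Hosts whose daily pattern is indistinguishable from a constant rate
    at the given p-value cutoff (the cutoff is an assumed parameter)."""
    return sorted(h for h, ts in log.items() if regularity_pvalue(ts) > alpha)

# Constructed data (hours since midnight): a scheduled job connecting every
# 10.5 minutes vs. a workstation used only during office hours.
SCHEDULED = [i * 10.5 / 60 for i in range(138)]
WORKSTATION = [h + k / 5 for h in (9, 10, 11, 12, 14, 15, 16, 17) for k in range(5)]
SAMPLE_LOG = {"10.0.0.7": SCHEDULED, "10.0.0.42": WORKSTATION}

if __name__ == "__main__":
    for host, ts in SAMPLE_LOG.items():
        print(host, round(regularity_pvalue(ts), 4))
    print("regular hosts:", flag_regular_hosts(SAMPLE_LOG))
```

Hosts flagged here would then be combined with the port-number and host-name features the summary mentions before being reviewed or fed back into the blacklist.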