Cyber Security and Data Governance (网络安全与数据治理) 2026, Vol. 45, Issue 1: 14-19, 6. DOI: 10.19358/j.issn.2097-1788.2026.01.003
Research and implementation of attack source identification methods for high-noise logs
Research on methods and systems for identifying high-noise log attack sources
Gao Yuan (高原) 1, Wang Chenrui (汪辰瑞) 2
Author information
- 1. Anhui Provincial Key Laboratory of Water Science and Smart Water Conservancy, Hefei, Anhui 230091 || Anhui Dayu Water Conservancy Engineering Technology Co., Ltd., Hefei, Anhui 230088
- 2. Anhui Provincial Key Laboratory of Water Science and Smart Water Conservancy, Hefei, Anhui 230091 || Anhui Construction Engineering Quality Supervision and Testing Station Co., Ltd., Hefei, Anhui 230088
Abstract
With the expansion of information system scale and the diversification of network attack methods, network security situation awareness platforms and other operation and support platforms generally suffer from alarm fatigue, high false alarm rates, and difficulty in attack attribution when facing massive heterogeneous logs. To address the challenges of attack source identification and threat attribution in high-noise log environments, this paper proposes a method for identifying attack sources in high-noise logs. The method uses a dynamic scoring model of attack source IPs based on multi-dimensional rules to assess and update the threat level of each attack source dynamically. At the same time, the system uses a knowledge graph to reconstruct and visualize attack chains, improving the interpretability of security incidents and the efficiency of handling them. Experimental results show that on real log data from the water conservancy industry the method achieves a log compression rate of 99.6% and reduces the false alarm rate to 8.3%, significantly improving security operation efficiency and response capability. The results provide a feasible technical path for intelligent operation of industry-level network security.
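The abstract describes a dynamic scoring model that rates attack-source IPs from multi-dimensional rules and decays the threat level over time, with only the sources that cross a threshold surfacing as alerts (which is where the log compression comes from). The following Python is an added illustration of that shape of model and is not the paper's code: the log format, the three rules (event volume, new target ports, hostile outcomes), their weights, the five-minute half-life and the level thresholds are all assumptions chosen for the example, and the sample log lines are constructed. The compression figure it produces is for the toy data and is not comparable with the 99.6% reported in the paper.

```python
"""Toy dynamic, rule-based scoring of attack-source IPs over noisy logs.

Added example: the log format, rules, weights, half-life and thresholds
are assumptions for illustration, not the model from the paper.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample log lines (not real data): "<epoch> <src_ip> <dst_port> <outcome>".
SAMPLE_LOGS = [
    "1000 10.0.0.5 22 auth_fail",
    "1001 10.0.0.5 22 auth_fail",
    "1002 10.0.0.5 22 auth_fail",
    "1003 10.0.0.5 22 auth_fail",
    "1004 10.0.0.5 22 auth_ok",
    "1005 10.0.0.9 443 allow",
    "1006 10.0.0.9 443 allow",
    "1010 192.0.2.7 21 deny",
    "1011 192.0.2.7 23 deny",
    "1012 192.0.2.7 80 deny",
    "1013 192.0.2.7 443 deny",
    "1014 192.0.2.7 3389 deny",
    "1015 192.0.2.7 8080 deny",
    "this line is not parsable and counts as noise",
]

LINE_RE = re.compile(r"^(\d+) (\S+) (\d+) (\w+)$")
HALF_LIFE_S = 300.0  # assumption: a source's score halves after 5 minutes of silence
LEVELS = ((40.0, "high"), (15.0, "medium"), (0.0, "low"))  # assumed thresholds


@dataclass
class SourceState:
    score: float = 0.0
    last_seen: Optional[int] = None
    ports: set = field(default_factory=set)


def decay(score: float, elapsed_s: float) -> float:
    """Exponential decay so a source that goes quiet loses threat level."""
    return score * 0.5 ** (elapsed_s / HALF_LIFE_S)


def rule_increment(st: SourceState, port: int, outcome: str) -> float:
    """Multi-dimensional rules with assumed weights: volume, breadth, outcome."""
    inc = 1.0                          # volume: every event adds a little
    if port not in st.ports:
        inc += 5.0                     # breadth: a new target port (scan-like behaviour)
    if outcome in ("auth_fail", "deny"):
        inc += 3.0                     # hostile outcome
    return inc


def threat_level(score: float) -> str:
    """Map a score onto the assumed discrete threat levels."""
    for threshold, name in LEVELS:
        if score >= threshold:
            return name
    return "low"


def process(lines):
    """Feed log lines in time order; return (per-IP state, alerts, compression rate)."""
    state = defaultdict(SourceState)
    dropped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            dropped += 1               # unparsable noise is discarded, not scored
            continue
        ts, ip, port, outcome = int(m[1]), m[2], int(m[3]), m[4]
        st = state[ip]
        if st.last_seen is not None:
            st.score = decay(st.score, ts - st.last_seen)   # dynamic update
        st.score += rule_increment(st, port, outcome)
        st.ports.add(port)
        st.last_seen = ts
    # Only sources above "low" become alerts; everything else is compressed away.
    alerts = {ip: (round(st.score, 1), threat_level(st.score))
              for ip, st in state.items() if threat_level(st.score) != "low"}
    compression = 1.0 - len(alerts) / len(lines)
    return dict(state), alerts, compression


if __name__ == "__main__":
    _, alerts, rate = process(SAMPLE_LOGS)
    for ip, (score, level) in sorted(alerts.items(), key=lambda kv: -kv[1][0]):
        print(f"{ip:12} score={score:6.1f} level={level}")
    print(f"compression rate: {rate:.1%}")
```

With the constructed lines, the port-sweeping source lands in the high tier, the repeated-failure source in the medium tier, and the benign source stays low and is never alerted; the decay step is what lets a medium source fall back to low if it stops appearing.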
Keywords
cybersecurity / log denoising / dynamic scoring model / knowledge graph / threat attribution
Category
Information technology and security science
Citation
Gao Yuan, Wang Chenrui. Research on methods and systems for identifying high-noise log attack sources [J]. Cyber Security and Data Governance, 2026, 45(1): 14-19, 6.