关键词: 防扫描, 机器学习, 朴素贝叶斯算法, 网络安全, spark, iptables

Abstract: With the development of Internet technology, web application systems have been widely used in government portals, ecommerce, Internet and other industries, which are convenient for life and work, but also bring network security risks. Hackers can not only find server vulnerabilities by scanning technology, but also generate a large amount of network bandwidth due to scanning, which causes normal network communication to fail. To solve this problem, it is proposed to analyze the client access log, extract the response code of the past 2s IP access in the log, the proportion of the number of IP accesses in the past 2s to the total number of IP accesses, and the response code of the IP access in the past 2s. The proportion of 404 accounts for the current IP access, the port variance of the IP access in the past 2s, the number of IP addresses in the past 100 logs, and the number of 404 responses in the past 100 logs. In the past 100 logs, the port variance of this IP access has 7 characteristics, and the scanning behavior is identified by the naive Bayesian classification algorithm in machine learning. And use the spark MLlib Bayesian algorithm to train the scan log of the hdfs platform, update the algorithm template regularly, and realize the ability to resist malicious scanning. Finally, the network layer is blocked by iptables. The method improves recognition accuracy, reduces false positive rate, effectively reduces malicious traffic, and protects customer websites.

Key words: anti-scanning, machine learning, naive bayesian algorithm, cyber security, spark, iptables