An Active Defense System Against Network Attacks Based on Big Data Analysis
Abstract:
With the increasing diversity of cyberattack methods and the continuous expansion of attack scale, achieving proactive defense and real-time threat analysis has become a core challenge in the field of cybersecurity. This paper proposes a big data-driven active cyber defense system that utilizes the Streamlit framework for lightweight deployment, MySQL database for attack data storage, and Support Vector Regression (SVR) to predict potential attack targets. The system integrates key modules such as honeypot monitoring, real-time attack data analysis, IP and port word cloud visualization, attack prediction, and intelligent port classification, enabling efficient attack detection, analysis, and prediction. Leveraging honeypot technology, the system can detect real-time cyber threats, including Remote Code Execution (RCE), SQL injection, and XSS attacks, while employing machine learning models to dynamically assess future attack trends. Experimental results demonstrate that the system effectively detects attacks in large-scale network environments and enhances security situational awareness through visualization techniques. Compared to traditional defense mechanisms, this system not only responds to ongoing attacks but also anticipates potential threats, providing intelligent support for proactive defense and making it well-suited for cybersecurity protection in highly complex network environments.