本文主要研究针对航空公司大型网站业务的异常访问行为，旨在 通过本文的研究，识别网站安全风险，在大型航空公司企业风险管理 中，帮助企业减 少技术风险。通过研究基于网站业务的异常访问行为 所关注的相关业务，提高企业网站安全管理的能力，使得航空公司可 以更好地保护自身的网站信息资产，减少网站安全风险 造成的直接或 者间接的经济损失。 本文首先收集了A航空公司海外官网超过一个月的全量访问日 志信息，通过kafuka集群实时分发到大数据集群中保存。然后对原 始数据进行打 标。接着对于打标以后的原始数据进行聚类，期间采用 人工介入的方式对于各种聚类算法的结果进行调整和优化，尝试算法 超过5种，最后除了正常访问以外得到6类异常访问行 为。再然后将 原始的打标数据与6类异常访问行为对应后再对数据进行整理和归 并，尽可能减少在总体分布中比例过小的变量，为后续的回归计算进 行准备。数据整理完成后， 通过逻辑回归和多类别逻辑回归模型在云 平台上对于6800万条数据进行回归计算，最终得出对于异常访问的 回归结果。之后根据计算结果，结合海外官网的业务进行分析，总结 对于控制异常访问风险的管理启示，从而实现本文的研究目标。 通过本文的研究，证实了基于网站业务的异常访问对于海外官网 带来了很高的安全风险，明确了异常访问最感兴 趣的网站业务，了解 了异常访问的来源，知晓了各个地区访问的风险程度，找出了2个大 型异常访问的源头，分析了各异常访问之间以及异常访问与普通访问 之间的区别。最终 对于A航空公司整体网站安全风险以及海外官网 的安全风险提出了多项管理措施。 本文的新意在于研究了业务角度的异常访问行为，且研究之前是 不知道具体存在哪些异常访问 的行为的，在聚类的阶段采用了有监督 与无监督相结合的人工智能学习方式，之后通过计量经济的模型对于 聚类结果进行回归分析，从而得出风险的影响因素，期间不设任何假 设以及限制，使得本文中的研究方法具有较强的普适性，对于基于网 站业务的异常访问的发现以及相应的风险管理有参考意义。 关键词：企业风险管理，异常访问，风险识别， 逻辑回归 RESEARCH ON SECURITY RISK IDENTIFICATION OF A AIRLINES’ OVERSEAS OFFICIAL WEBSITE ABSTRACT Abnormal access behavior plays a significant role within the website security risks facing by today’s enterprises. The research of this paper focuses on discussing the issue of abnormal access behaviors of airlines’ large-scale website business. The purpose is to identify and to analyze such website security risks in order to reduce the overall technical risks within the risk management of large airlines. Moreover, business which are related to the website business targeted by the abnormal access behavior will also be concerned to ensure the comprehensiveness of risk control. By doing so, airlines are able to improve their risk management, and to become more resistant in terms of website information assets protection during security risks, which reduce the overall economic loss as well. Initially, the study collects the monthly full access log information of A airline’s overseas official website, and distributes it to the big data cluster through the KAFUKA cluster in real time. After that, the original data is marked, then clustered. The results of various clustering algorithms are adjusted and optimized by manual intervention; more than 5 algorithms are attempted. Finally, 6 types of abnormal access behaviors are obtained besides normal access. Next, the original marking data is matched with the 6 types of abnormal access behaviors, the data is then sorted and merged. Meanwhile, in order to prepare for the upcoming logistic regression calculation, variables with relatively small proportion in the overall distribution are reduced as much as possible. After the data is sorted, 68 million pieces of data are processed and calculated on the cloud platform through logistic regression and multinormal logistic regression models. Eventually, the regression results of abnormal access are obtained. Based on the calculation results along with the overseas official website business analysis, the management implications can then be formed for controlling the abnormal access risk, thus achieving the research objective of this paper. The research of this paper demonstrates that the abnormal access of website business brings high security risk to overseas official website, and indicates the website business that attract the most abnormal access. It also identifies the source of abnormal access, and understands the degree of risk of access in various regions. Likewise, the sources of two large exception accesses are found, and the differences between abnormal accesses and normal access are analyzed. In the end, a number of management measures are proposed for the overall website security risks of A Airlines, and the security risks of overseas official websites. The novelty of this paper is that it addresses the issue of abnormal access behavior through the business perspective. Before the research, one is not able to define specific abnormal access behavior. In the clustering stage, the artificial intelligence learning method combining supervision and unsupervised is adopted. The econometric model performs regression analysis on the clustering results to derive the risk influencing factors. There are no assumptions and restrictions during the research period, which makes the research methods in this paper have strong universality. It provides reference for the discovery of abnormal access based on website business and the corresponding risk management. KEY WORDS: enterprise risk management, abnormal access, risk identification, logistic regression 目 录 第一章 绪论 .................................................................. 1 1.1 研究背景 ............................................................. 1 1.2 海外官网研究背景 ..................................................... 2 1.3 本文研究的问 题和意义 ................................................. 5 1.4 本文的研究安排 ....................................................... 6 第二章 文献综述 .............................................................. 8 2.1 企业全面风险管理 ..................................................... 8 2.2 风险成因与 影响研究 ................................................... 9 2.3 风险识别的研究 ...................................................... 10 2.4 风控策略和措 施的研究 ................................................ 10 2.5 网站安全风险分析的变量选取案例 ...................................... 10 2.6 异常访问的发现 以及部分解决方法 ...................................... 11 2.7 本章小结 ............................................................ 13 第三章 海外官网异常访 问的识别 ............................................... 14 3.1 海外官网安全状况 .................................................... 14 3.2 可用与异常访问识 别的原始变量选择 .................................... 15 3.3 异常访问的识别过程 .................................................. 15 3.4 本章小结 ............................................................ 19 第四章 风险因素的影响分析 ................................................... 20 4.1数据准备 ............................................................ 20 4.1.1 数据打标 ...................................................... 20 4.1.2 数据归并 ...................................................... 22 4.2 使用数据统计的风险因素影响分析 ...................................... 24 4.2.1 被访问的URL统计 .............................................. 25 4.2.2 访问来源国家统计 .............................................. 27 4.2.3 访问来源地区统计 .............................................. 28 4.2.4 被访问的域名统计 .............................................. 29 4.2.5 User-Agent统计 .............................................. 30 4.3回归模型搭建的目的以及模型介绍 ...................................... 31 4.3.1 模型搭建的目的 ................................................ 32 4.3.2 逻辑回归模型 .................................................. 32 4.3.3 多类别逻辑回归模型 ............................................ 32 4.4 使用逻辑回归的风险影响因素分析 ...................................... 33 4.5 使用多类别逻辑回归的风险影响