摘要
由于Web应用涉及范围广,结构复杂多变等特点,对其采用的入侵检测面临着严峻的考验。具有学习功能的入侵检测有着广阔的研究前景。提出一种异常检测方法,从HTTP连接中提取HTTP会话,按照RFC标准描述HTTP请求,以此构建基于DFA的HTTP会话学习模型。并针对HTTP请求数量庞大的特点,提出模型简化的算法。该模型能够实现自动更新,有助于解决入侵检测保护Web应用时遇到的问题。
The protection of Web server-based applications by using intrusion detection, for their large, complex structure are faced with severe test. Intrusion detection with learning function has the potential to improve the state of affair. This paper describes how HTTP sessions are extracted from HTTP connections, and how DFA is introduced to build a model for HTTP sessions according to HTTP requests in RFC format. For the large size of HTTP requests, a algorithm for model simplification is proposed. The model maintains the feature of automatic updating, and this could serve as a strategy to meet the requirements for protecting Web applications.
出处
《信息安全与通信保密》
2010年第4期87-89,共3页
Information Security and Communications Privacy
基金
国家自然科学基金资助项目(批准号:60903191)
国家高技术研究发展计划(863)资助项目(编号:2007AA01Z457)
