基于统计异常的Web应用入侵检测模型研究

Study of Intrusion Detecton Mondels for Web Applications

传统的网络安全技术已经难以有效防范针对Web应用的攻击行为,Web应用入侵检测作为一种重要的安全技术已受到了广泛的重视。访问日志是Web应用入侵检测的重要数据,然而,海量的日志记录令应用管理员望而却步,若缺乏有效的分析方法,将很难发现和定位入侵行为。致力于这个问题的解决,多种误用和异常检测模型已被提出和采用。针对动态页面采用参数值长度、字符分布等统计异常模型,对真实Web应用的访问日志进行入侵检测,实验结果表明,模型可以有效地检测SQL注入等攻击。

As traditional security techniques fail to protect web applications from attacks,more research has focus on intrusion detection for web applications.Access logs are the most important data source for intrusion detection.However,log files usually contain a huge quantity of records.Without effective methods,it is not feasible for administrator to inspect and locate intrusions.Misuse detection and anomaly detection models have been proposed to solve this problem.This paper conducts intrusion detection over a real web application based on statistical anomaly-based models.The result shows these models can effectively detect attacks like SQL injection.