
Adaptive anomaly detection method of Web-based attacks (cited by 7)
Abstract: To address the problem that traditional modelling easily introduces untrusted samples, an adaptive method for building an anomaly detection model for Web attacks is proposed. The sample set is partitioned according to the structural features of each sample's Request-URL, and the attributes of the samples are used to construct a discreteness function over each classified subset; the resulting discreteness value serves as the criterion for identifying the normal-behaviour set. On this basis, an improved hidden Markov model (HMM) algorithm is used to model the normal-behaviour sample set, and dynamic updating of the detection model is achieved by HMM merging. Experimental results show that the model built by the proposed method can effectively identify Web attack requests and reduce the false alarm rate of detection.
Source: Journal of Computer Applications (《计算机应用》, CSCD, Peking University core journal), 2012, No. 7, pp. 2003-2006 and 2014 (5 pages in total).
Funding: Science and Technology Project of the Jiangxi Provincial Department of Education (20101106); International Cooperation Project of the Ministry of Science and Technology (2010DFA70990).
Keywords: classification; discreteness function; adaptive; Hidden Markov Model (HMM); Intrusion Detection System (IDS)