摘要
随着Web应用的快速发展,Web程序受到越来越多的攻击,而传统的Web程序的误用检测和异常检测分别有着漏报率和误报率高的特点,提出了一种基于Web日志的混合入侵检测方法,首先在OWASP Top10官方平台上获取误用检测的攻击特征向量并在漏洞平台WebGoat上进行已知的漏洞测试,构建误用检测的规则库,然后使用K-Means算法训练正常的Web日志构建用户的正常访问模型,最后在Web日志数据集上对Web混合入侵检测进行测试,实验表明该入侵检测模型能够提高检测率和降低误报率。
With the rapid development of web applications,web programs are attacked frequently.The traditional misuse detection and anomaly detection have the characteristics of high rate of missing report and false alarm rate respectively.A hybrid intrusion detection method based on Web log is proposed.Firstly,the attack feature vector of misuse detection is obtained on the official platform of OWASP TOP10,and the known vulnerability test is carried out on the vulnerability platform WebGoat to build the rule base of misuse detection.Then,the K-means algorithm is used to train the normal Web log to build the normal access model of users.Finally,the Web hybrid intrusion detection is tested on the web log data set.Experiments show that the intrusion detection model can improve the detection efficiency and reduce the false alarm rate.
作者
李钊
张先荣
郭帆
Li Zhao;Zhang Xianrong;Guo Fan(Department of Information Technology,Library,Anhui Medical University,Hefei,Anhui 340100,China;Institute of Advanced Cyberspace Technology,Guangzhou University,Guangzhou,Guangdong 510000,China;School of Computer and Information Engineering,Jiangxi Normal University,Nanchang,Jiangxi 330022,China)
出处
《黑龙江工业学院学报(综合版)》
2022年第7期47-52,共6页
Journal of Heilongjiang University of Technology(Comprehensive Edition)
