Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Abnormal access behavior detection method and system on basis of WEB logs

A detection method and log technology, applied in the field of WEB security, can solve problems such as false positives, inability to analyze attacker attack behavior, and inability to detect detection technology.

Active Publication Date: 2013-09-11
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF3 Cites 98 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the above information statistics are mainly for normal user access behaviors, and for malicious user access, the above detection techniques cannot be found
Therefore, website administrators or security administrators can only check whether there are suspicious attacks from the WEB logs through manual detection.
[0004] Generally, the security detection of WEB logs is divided into two aspects. One is to identify typical attack accesses, such as SQL injection, cross-site scripting, buffer overflow, etc., by matching attack feature rules on a single request URL in the log. It is relatively easy to implement, but only known types of attacks can be found, and the attacker's attack behavior cannot be globally analyzed
On the other hand, it is the behavior detection for abnormal access traces, including malicious crawling of website information, malicious scanning of website vulnerabilities, application layer DDoS attacks, etc. These behaviors cannot be detected by feature detection of a single URL
At present, there is no mature solution for this type of abnormal behavior detection. The general solution is to establish a normal model of user access through data mining, but this requires historical data of normal access. At the same time, once the current website access is affected by some special circumstances Impact, such as a special event that leads to a sudden increase in website visits, will make the visit model obtained from historical data not suitable for current visits, resulting in a large number of false positives or false negatives

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal access behavior detection method and system on basis of WEB logs
  • Abnormal access behavior detection method and system on basis of WEB logs
  • Abnormal access behavior detection method and system on basis of WEB logs

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0069] The implementation process of the technical solution of the present invention will be described in detail below with reference to the accompanying drawings and specific examples.

[0070] Such as figure 1 Shown is a schematic flow chart of an embodiment of a method for detecting abnormal access behavior based on WEB logs of the present invention, and its specific steps include:

[0071] 1. Analyze the original WEB log and remove the interference information;

[0072] 2. IP access behavior statistics, get the IP access statistics list, including the total number of sessions, duration, number of visits, non-page access ratio, error response code ratio, download access ratio of each IP;

[0073] 3. URL access statistics, get URL access statistics list, including visitor information dictionary table and query string dictionary table for each URL;

[0074] 4. According to the IP access statistics list, carry out crawler behavior feature identification, error response code ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an abnormal access behavior detection method on the basis of WEB logs. The abnormal access behavior detection method includes steps of 1) performing IP(internet protocol) access statistics and URL access statistics after removing interference information by analyzing WEB raw logs so as to acquire an IP access statistic list and a URL access statistic list, 2) according to the IP access statistic list, performing crawler behavior characteristic recognition, error response code statistics and access frequency deviation degree detection while updating IP abnormal characteristic list, and 3) sequencing the abnormal characteristics in the IP abnormal characteristic list according to a set order of precedence, and outputting the sequenced IP abnormal characteristic list to obtain abnormal access results. By the abnormal access behavior detection method, an access model is built with no depending on history access data, abnormal access is checked by lateral comparison, and abnormal parameter detection is performed by voting and referring query strings.

Description

technical field [0001] The invention relates to a method and system for detecting abnormal access behaviors based on WEB logs, belonging to the field of WEB security. Background technique [0002] With the continuous development of Internet technology and application, WEB application has gradually become an indispensable aspect of modern people's production and life, and it has also become the main attack target on the Internet. [0003] WEB logs are audit information about WEB access behaviors recorded by WEB servers. From the WEB logs, you can understand the access behavior of website visitors. Traditional WEB log detection mainly focuses on global website traffic detection, visitor information statistics, and access content information statistics. The quality of service of the website. Currently, mainstream log detection tools include AWStats, Webalizer, etc. However, the above information statistics are mainly for normal user access behaviors, and the above detection...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08H04L12/26
Inventor 杨婧徐震马多贺宋晨吕双双黄亮
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com