Attack detection method and system for WEB

An attack detection and anomaly technology, applied in the field of network security, can solve problems such as insufficient attack signature detection, achieve the effects of improving detection accuracy, reducing false negative rate, and improving efficiency

Inactive Publication Date: 2015-05-06
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF5 Cites 36 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] To sum up, when analyzing abnormal web access requests, detection based on attack characteristics alone is not enough

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack detection method and system for WEB
  • Attack detection method and system for WEB
  • Attack detection method and system for WEB

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. example. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without making creative efforts belong to the protection scope of the present invention.

[0052] Such as figure 1As shown, in the scheme of the present invention, at first utilize feature detection module to detect original data (being user's WEB access request data) and obtain abnormal access library; Report analysis, and can supplement and update well-known crawler libraries and false positive libraries; at the same time, the exception statistics module and exception scoring module can also count the data in the except...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an attack detection method and system for WEB; the method comprises the following steps: firstly implementing attack characteristic detection to the url accessed by a user; then implementing misinformation analysis and fail-to-declare analysis treatment to the detection result, wherein the misinformation analysis mainly solves the misinformation caused by normal embedded resources of the website and the web crawlers, the fail-to-declare analysis is to treat the undetected abnormal behaviors conducted by the detected abnormal users. Based on the results of the treatment above, calculating the total normal access time of each abnormal user under each domain name; when the access time is less than the average value of all users, taking the ratio between the access time and the average value as an abnormality scoring index of the abnormal user; otherwise, the abnormality score is a weighted value w of the ratio between the access time and the maximum access time of all users. By the misinformation analysis and fail-to-declare analysis treatment, the efficiency of the attack detection method and system for WEB is significantly increased.

Description

technical field [0001] The invention relates to the field of network security, in particular to a WEB-oriented attack detection method and system. Background technique [0002] Attack signature-based detection is a commonly used attack detection method for web access requests. This method analyzes known web attack requests and extracts a series of protection rules corresponding to different attack characteristics to match new access requests. [0003] The advantages of the detection method based on attack characteristics are simple deployment and fast detection speed. Open source software lorg and scalp use this method to detect attacks on access logs. But its shortcomings are also very obvious: first, it can only detect known attacks, and has no effect on unknown attacks, resulting in a large number of false negatives; second, when the accessed resources contain content that can be matched by rules , it will cause a large number of false positives. At present, there are ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1416H04L67/02
Inventor 罗熙杨婧徐震宋晨刘艇
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap