WEB malicious scanning behavior abnormity detection method and system

An anomaly detection technology, applied in the field of WEB security, which can solve problems such as increased false positive and false negative rates and attack data being mixed into historical data.

Active Publication Date: 2015-11-18
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

The accuracy of this type of method depends greatly on normal historical data. If there is no normal historical data, or the normal historical data covers too few types of normal access behavior, or the historical data is mixed with attack data, the false positive rate and the false negative rate of this type of method will greatly increase.


Embodiment Construction

[0043] Figure 1 is an outline of the principle of a WEB malicious scanning behavior anomaly detection system of the present invention. The system performs data preprocessing and anomaly analysis on the input WEB access history records and finds malicious scanning users.

[0044] Figure 2 is a schematic diagram of the module composition in an embodiment of a WEB malicious scanning anomaly detection system of the present invention.

[0045] In this embodiment, the WEB malicious scanning behavior detection system is composed of a configuration reading module, a data preprocessing module, an anomaly detection module and a data storage module.

[0046] The data storage module is responsible for storing system configuration information, original WEB access history records, data preprocessing results, and malicious scanning user detection results. The data storage module can be implemented in a relational database, non-relational data...


Abstract

The invention discloses a WEB malicious scanning behavior abnormity detection method and a WEB malicious scanning behavior abnormity detection system. The method comprises the following steps:

1) extracting keyword characteristics and statistical characteristics of access users from an access history record, and building keyword vectors and statistical characteristic vectors of the users;
2) traversing the keyword vectors of the users, counting the number of users corresponding to each keyword, and building a global keyword table;
3) calculating the uncommon degree of each keyword according to the global keyword table, calculating original abnormal score values of the access users according to the corresponding uncommon degrees, then correcting the original abnormal score values according to the statistical characteristic vectors of the access users, and obtaining final abnormal score values of the users;
4) finding a jump point in the sequence of final abnormal score values of all the access users, and taking the final abnormal score value corresponding to the jump point as a threshold;
5) comparing the final abnormal score values of the access users with the threshold, and taking the users as malicious scanning users if their final abnormal score values are greater than the threshold.

Unknown attack behavior can be found, and normal historical data is not relied on.
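The five steps of the abstract, run over a few constructed access records, as an added example that is not code from the patent. The page does not give the formulas, so the uncommon degree (`-ln` of the share of users that used a keyword), the correction (scaling by `1 + error ratio`), the largest-gap jump-point rule, and all function names are assumptions made for illustration.

```python
import math
import re
from collections import defaultdict

# Constructed sample records (client, request path, HTTP status); not real traffic.
SAMPLE_LOG = [
    ("10.0.0.1", "/index.html", 200), ("10.0.0.1", "/css/site.css", 200),
    ("10.0.0.2", "/index.html", 200), ("10.0.0.2", "/img/logo.png", 200),
    ("10.0.0.3", "/index.html", 200), ("10.0.0.3", "/css/site.css", 200),
    ("10.0.0.3", "/img/logo.png", 200), ("10.0.0.9", "/index.html", 200),
    ("10.0.0.9", "/admin/login.php", 404), ("10.0.0.9", "/backup.zip", 404),
    ("10.0.0.9", "/phpmyadmin/setup.php", 404),
]

def build_vectors(records):
    """Step 1: per-user keyword set and one statistical feature (error ratio)."""
    keywords, total, errors = defaultdict(set), defaultdict(int), defaultdict(int)
    for user, path, status in records:
        keywords[user].update(t for t in re.split(r"[^a-z0-9]+", path.lower()) if t)
        total[user] += 1
        errors[user] += status >= 400
    return keywords, {u: errors[u] / total[u] for u in total}

def global_keyword_table(keywords):
    """Step 2: number of distinct users seen with each keyword."""
    table = defaultdict(int)
    for kws in keywords.values():
        for k in kws:
            table[k] += 1
    return table

def final_scores(keywords, stats, table):
    """Step 3 (assumed formulas): mean of -ln(user share), scaled by 1 + error ratio."""
    n = len(keywords)
    return {u: sum(-math.log(table[k] / n) for k in kws) / max(len(kws), 1)
               * (1 + stats[u]) for u, kws in keywords.items()}

def jump_threshold(scores):
    """Step 4 (assumed rule): score just below the largest gap in the sorted sequence."""
    s = sorted(scores.values())
    if len(s) < 2:
        return math.inf  # no sequence to find a jump in
    return max((s[i + 1] - s[i], s[i]) for i in range(len(s) - 1))[1]

def detect(records):
    """Step 5: users whose final score is greater than the jump-point threshold."""
    keywords, stats = build_vectors(records)
    scores = final_scores(keywords, stats, global_keyword_table(keywords))
    threshold = jump_threshold(scores)
    return sorted(u for u, score in scores.items() if score > threshold)
```

With the assumed largest-gap rule, any batch whose scores differ yields at least one flagged user, so a batch of purely normal traffic still produces a top outlier that needs review rather than automatic blocking.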

Description

Technical field

[0001] The invention relates to an anomaly detection method and system for WEB malicious scanning behavior, belonging to the field of WEB security.

Background

[0002] WEB scanning is a common WEB access behavior, which generally means that a web crawler obtains the content of a target website according to certain rules. The difference between WEB malicious scanning and normal scanning is that the goal of the former is to find website vulnerabilities, sensitive information, authorized entries and other information through scanning, while the goal of the latter is to obtain content information normally provided by the website, such as HTML pages, pictures, CSS files, etc. Since the goals of the two are fundamentally different, their access behaviors are also significantly different:

[0003] First, the access request of WEB malicious scanning is obviously different from the access request of normal WEB scanning in semantics. For example, WEB malic...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1425, H04L67/02
Inventor: 杨婧罗熙刘艇吴再龙
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI