Web anomaly detection method and device

An anomaly detection and anomaly technology, applied in the computer field, can solve problems such as difficulty in ensuring real-time and comprehensive detection, low reliance on security experts, and inability to guarantee real-time and comprehensive detection, so as to save manpower and detection time and reduce work The effect of quantity, high detection rate and accuracy rate

Active Publication Date: 2016-05-04
BEIJING QIHOO TECH CO LTD +1
View PDF5 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The method based on manually formulated detection rules requires a large number of security experts for known vulnerabilities or attack behaviors, which will introduce more subjective elements, and for new types of attacks, the rules need to be re-formulated, which cannot guarantee the real-time performance and reliability of detection. comprehensive
[0005] Supervised classification algorithms can also achieve highe

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web anomaly detection method and device
  • Web anomaly detection method and device
  • Web anomaly detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0071] Hereinafter, exemplary embodiments of the present disclosure will be described in more detail with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth herein. On the contrary, these embodiments are provided to enable a more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

[0072] Reference figure 1 , Shows a flowchart of the web anomaly detection method in Embodiment 1 of the present invention.

[0073] Step 101: Create multiple anomaly detection models for detecting abnormal web access based on the web access feature based on multiple web access features parsed from historical web access records.

[0074] In the embodiment of the present invention, multiple historical web visits ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a web anomaly detection method and device. The method comprises the following steps: establishing a plurality of anomaly detection models for detecting an anomaly web access based on web access characteristics according to a plurality of web access characteristics analyzed from a historical web access record, respectively detecting whether a target web access is an anomaly web access by adopting the various anomaly detection models, and labelling the web access characteristics corresponding to the anomaly detection model, the detection result of which is the anomaly web access, as the anomaly type of the target web access. The method in the embodiment of the invention realizes automatic detection of unknown vulnerabilities and novel attacks by utilizing the plurality of established anomaly detection models; data are unnecessary to re-collect; a rule is unnecessary to re-make; the relatively high detection ratio and the accuracy rate are ensured; the workload of workers is reduced; and the manpower and the detection time are saved.

Description

technical field [0001] The present invention relates to the field of computer technology, in particular to a web anomaly detection method and a web anomaly detection device. Background technique [0002] With the continuous popularity of web services, web sites suffer from more and more attacks. Web attacks are basically done by hackers by modifying URLs, including obtaining website database content, obtaining server root privileges, and stealing user data. There are many types of web attacks commonly used, such as directory traversal exploits, SQL injection, cross-site scripting attacks (XSS), cross-site request forgery attacks (CSRF), and so on. [0003] For web attacks, commonly used detection methods include finding attack behaviors based on attack detection rules formulated by security personnel, or extracting meaningful features based on human experience, and using supervised classification algorithms to find attack behaviors. [0004] The method based on manually fo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L9/40
Inventor 刘博王占一张卓
Owner BEIJING QIHOO TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products