Method for detecting unknown abnormal behaviors of website

Abstract

The invention relates to a method for detecting the unknown abnormal behaviors of a website, and the method comprises the steps: obtaining original website information, carrying out the preprocessing and learning, and completing a directed graph and a webpage in-degree table of the website; detecting the access abnormal data of a single page; giving an alarm if the abnormality is detected, and adding one to the number of alarm times; detecting the access abnormality data of a key service; giving an alarm if the abnormality is detected, and adding one to the number of alarm times; detecting the access abnormality data of a single user; giving an alarm if the abnormality is detected, and adding one to the number of alarm times; counting the alarm times, and detecting the number of alarm times of a website HTTP protocol status code; giving an alarm to a website with the number of alarm times of the website HTTP protocol status code being greater than 20 in each half of an hour, carrying out the statistics of abnormal webpage URLs, and carrying out the sorting according to the number of access times; and carrying out the inspection. The method is used for detecting the security flaws of the website and various types of known threats, analyzing the unknown illegal connection and access, carrying out the early warning for a network problem, avoiding the paralysis of a user's network to the greatest extent, and facilitating the subsequent inspection, treatment and maintenance.

Description

technical field [0001] The invention belongs to the technical field of digital information transmission, such as telegram communication, and in particular relates to a method for detecting unknown abnormal behavior of websites related to information security technology. Background technique [0002] At present, the website system is becoming more and more advanced, and its functions are becoming more and more powerful. People can do various business processes, shopping and inquiries on the website system, which greatly facilitates users, but it also brings various security issues. , Such as crawlers, dragging libraries, etc. will lead to large-scale leakage of website data. With the development of information technology, the website library has become the core asset of many enterprises, especially financial and Internet enterprises. Once the website fails, the business of the entire enterprise will be paralyzed immediately. Therefore, website security has attracted more and ...

AI Technical Summary

Problems solved by technology

[0004] The technical problem solved by the present invention is that in the prior art, the common website protection software mainly detects the security loopholes of the website itself and various known threats, and has no ability to analyze unknown illegal connections and accesses, resulting in If the early warning of network problems is not in place, it is easy to cause users to be paralyzed in the network under unknown circumstances. It is extremely difficult to troubleshoot and deal with the subsequent problems, and then provides an optimized detection method for unknown abnormal behavior of the website.