Web intrusion detection technology based on machine learning

An intrusion detection and machine learning technology, applied in electrical components, transmission systems, etc., can solve problems such as labor-intensive, difficult to identify attacks, and pattern matching algorithms affecting detection efficiency.

Inactive Publication Date: 2018-11-06
SICHUAN UNIV
View PDF12 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The rule-based detection method mainly has two limitations: on the one hand, the establishment and maintenance of the rule base requires a lot of manpower and material resources; on the other hand, the choice of pattern matching algorithm also greatly affects the detection efficiency.
If the anomaly detection model is u

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web intrusion detection technology based on machine learning
  • Web intrusion detection technology based on machine learning
  • Web intrusion detection technology based on machine learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0013] The technical framework of the invention will be described below in conjunction with the accompanying drawings.

[0014] figure 1 It is a framework diagram of the technical process of the present invention.

[0015] First, the iForest algorithm is used to identify abnormal requests. The iForest algorithm cannot effectively detect local outliers. When the local outliers in the sample set are covered by normal clusters with similar densities, the local outliers are not easily isolated by isolated trees, resulting in poor anomaly detection results. The invention proposes an iForest-KNN hybrid algorithm, by setting the threshold of the abnormal score, and using the KNN algorithm to perform secondary detection on the abnormal points.

[0016] Then, the SVM algorithm is used to identify the attack type of the abnormal request. The SVM algorithm gives all the features the same weight. In the process of building the feature matrix, it is very likely to be mixed with features ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a Web intrusion detection method based on machine learning. The method mainly comprises the following steps of step 1, collecting data as a learning sample of anomaly detectionand attack detection; step 2, training an anomaly detection model, determining the random sampling number, the number of isolated trees, a K value and a threshold value needing to be set for secondary detection, training an attack detection model, and determining hyper-parameters C and g of three SVM models by using SQL injection and XSS as research objects; and collecting data of an HTTP requestin real time, carrying out anomaly detection and attack detection on the HTTP request, and recognizing an abnormal request and a corresponding attack behavior. Experiments show that the research method provided by the invention is effective, and compared with an existing method, the intrusion detection can be carried out on a Web attack rapidly and effectively.

Description

technical field [0001] The invention relates to the field of Web intrusion detection, and the main core is to establish a machine learning model by using the data by collecting statistical characteristics of Web attack samples, and use the constructed model to identify Web attack requests. Background technique [0002] In the face of complicated network attacks, software and hardware facilities such as intrusion prevention systems, intrusion detection systems, and firewalls are generally used to detect and intercept. These traditional software and hardware devices mainly use rule-based detection methods. In recent years, this detection method has gradually begun to show decline under the changing attack load, and the growth trend of security incidents has not been suppressed. Not only that, the high cost discourages many users, and the protective equipment of major security manufacturers is often exposed to have backdoors and loopholes. Overall, the overall security situati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425
Inventor 方勇刘亮黄诚周航许益家
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap