Web anomaly detection system based on user behaviors

An anomaly detection and behavior technology, applied in the field of information security, can solve problems such as undetectable attacks, and achieve the effect of preventing system crashes

Inactive Publication Date: 2019-01-01
SICHUAN UNIV
View PDF9 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

It effectively avoids the problem that other methods require a large number of labeled samples, and also solves the problem that the rule-based attack detection system cannot discover new attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web anomaly detection system based on user behaviors
  • Web anomaly detection system based on user behaviors
  • Web anomaly detection system based on user behaviors

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] The web anomaly detection system based on user behavior is mainly composed of user behavior data collection module, data preprocessing module, user request anomaly detection module, user identity anomaly detection module and label alarm module.

[0030] figure 1 The overall architecture diagram of the system is shown, which introduces the relevant design of the above five modules in detail, and explains the workflow and main functions of the relevant modules. The functions of the data collection module include the collection of user access data and the collection of user browsing behavior data. The collection of user access data is mainly to extract web application logs on the server side, which is called background user behavior data collection. The collection of user browsing behavior data is mainly on the client side, such as the browser, using the JavaScript scripting language to collect user behavior data when browsing the website, which is called front-end user d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a Web anomaly detection system based on user behaviors. The system performs request anomaly detection based on user request behaviors, and performs user identity anomaly detection based on user browsing behaviors. For the detection of a request anomaly, an RC-HsMM (Rate Control-HsMM) algorithm combining a time window based request rate sudden abnormal change detection algorithm and an improved HsMM algorithm is applied to user request anomaly detection on the basis of analyzing abnormal behaviors generated by an abnormal user in the process of hacking a website. For the detection for a user identity anomaly, user identity anomaly detection is performed by using a nested One-class SVM algorithm according to browsing behavioral habits and behavioral habits in the session of the user.

Description

technical field [0001] The invention belongs to the field of information security. Aiming at the detection of website application intrusion anomalies and user identity anomalies, conventional intrusion detection and security protection technologies can no longer meet the existing security requirements, a web anomaly detection model based on user behavior is designed. Background technique [0002] Most of the current network intrusion detection and defense devices such as firewalls, IPS, and IDS use a rule-based approach for intrusion detection and attack defense. However, with the continuous development of network technology and the continuous innovation of attack methods, when new attack methods appear, the rule-based intrusion detection system cannot update the detection rules in time, and at the same time, network device vulnerabilities continue to appear, resulting in the intrusion of these network security devices. The performance of detection and defense is weak, and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1425H04L67/02
Inventor 方勇黄诚刘亮宋创创杨悦
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap