Web anomaly detection method, system and server in big data environment

An anomaly detection and big data technology, applied in the field of WEB anomaly detection, that can solve problems of traditional methods such as false positives and false negatives, and achieves the effect of flexible heat dissipation and reduced false positives and false negatives.

Inactive Publication Date: 2019-11-22
国家计算机网络与信息安全管理中心江苏分中心

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a WEB anomaly detection method, system and server in a big data environment, which solves the problem of high false positive and false negative rates in traditional methods.

Examples


Embodiment Construction

[0048] The present invention will be further described below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, but not to limit the protection scope of the present invention.

[0049] As shown in Figure 1, the WEB anomaly detection method in the big data environment includes the following steps:

[0050] Step 1: construction of the normal URL logistic regression model. The specific process is:

[0051] 101) Construct a normal URL training set, and use the N-Gram model to obtain a list of keywords in the normal URL in the training set;

[0052] The N-Gram model splits the URL to obtain a series of strings, and then performs Gram segmentation on the strings to obtain a list of keywords. Here, the 3-Gram model is used;

[0053] 102) Use the TfidfVectorizer function to convert the keywords in each normal URL into TF-IDF to obtain vectorized features;

[0054] 103) Train ...
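An added sketch of steps 101 to 103 and the filtering step, not the patent's own code: it swaps scikit-learn's TfidfVectorizer and a library logistic regression for small standard-library equivalents so it runs without dependencies. The split characters, the labelled abnormal URLs, the intercept-free model and every sample URL are assumptions, since step 103 is truncated on the page.

```python
import math
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

def url_3grams(url, n=3):
    """Step 101: split the URL into strings, then cut each string into n-grams."""
    parts = [p for p in re.split(r"[/?&=]", unquote(url).lower()) if p]
    return [p[i:i + n] for p in parts for i in range(max(len(p) - n + 1, 1))]

def fit_idf(docs):
    """Step 102: smoothed inverse document frequency of each training 3-gram."""
    df = Counter(g for d in docs for g in set(d))
    return {g: math.log((1 + len(docs)) / (1 + c)) + 1 for g, c in df.items()}

def tfidf(idf, grams):
    """Step 102: L2-normalised TF-IDF vector; 3-grams unseen in training are dropped."""
    vec = {g: c * idf[g] for g, c in Counter(grams).items() if g in idf}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {g: v / norm for g, v in vec.items()}

def p_normal(model, url):
    """Probability that the URL is normal under the trained model."""
    idf, w = model
    z = sum(w[g] * v for g, v in tfidf(idf, url_3grams(url)).items())
    return 1.0 / (1.0 + math.exp(-z))

def train(urls, labels, epochs=100, lr=0.5):
    """Step 103 (assumed form): logistic regression by SGD, no intercept, 1 = normal."""
    idf = fit_idf([url_3grams(u) for u in urls])
    w = defaultdict(float)
    for _ in range(epochs):
        for u, y in zip(urls, labels):
            err = p_normal((idf, w), u) - y
            for g, v in tfidf(idf, url_3grams(u)).items():
                w[g] -= lr * err * v
    return idf, w

def is_normal(model, url, threshold=0.5):
    """Filter step: the request is answered only when its URL scores as normal."""
    return p_normal(model, url) > threshold

# Constructed sample data for illustration, not taken from the patent.
NORMAL = ["/index.html", "/products/list?page=2", "/products/item?id=1024",
          "/static/css/site.css", "/search?q=blue+shoes"]
ABNORMAL = ["/login.php?user=admin' or '1'='1",
            "/news.php?id=1 union select password from users",
            "/guestbook.php?msg=<script>alert(1)</script>",
            "/download.php?file=../../etc/passwd"]
MODEL = train(NORMAL + ABNORMAL, [1] * len(NORMAL) + [0] * len(ABNORMAL))
```

Because the sketch has no intercept, a URL made only of 3-grams never seen in training scores exactly 0.5 and is not passed by `is_normal`.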


Abstract

The invention discloses a WEB anomaly detection method in a big data environment, comprising the steps of: constructing a normal URL logistic regression model, the specific process being: using the N-Gram model to obtain the keyword list of the normal URLs; using the TfidfVectorizer function to convert the keywords in each normal URL into TF-IDF, obtaining vectorized features; and training the normal URL logistic regression model; and anomaly detection, the specific process being: filtering HTTP requests through the trained normal URL logistic regression model and, if the URL of an HTTP request is a normal URL, responding to the HTTP request. Corresponding systems and servers are also disclosed. By filtering HTTP requests through the normal URL logistic regression model, the method addresses the high false positive and false negative rates of traditional web intrusion detection based on rule matching.

Description

Technical field

[0001] The invention relates to a WEB anomaly detection method, system and server in a big data environment, belonging to the field of WEB anomaly detection.

Background technique

[0002] Detecting SQL injection can be approached narrowly, as identifying SQL injection traffic, or broadly, as detecting abnormal WEB traffic (SQL injection, XSS, malicious POC and other abnormal traffic) and thereby performing the function of a WAF.

[0003] Traditional web intrusion detection technology intercepts intrusive access by maintaining rule sets. On the one hand, hard rules are easily bypassed by adaptable attackers, and rule sets based on prior knowledge struggle to deal with 0-day attacks. If the rules are too broad, they easily block legitimate requests by mistake, and if they are too detailed, they are easy to bypass. On the other hand, as the offensive and defensive confrontation escalates, the threshold for building and maintaining defensive rules is high, the cost is hig...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F1/20, G06F11/30, G06F16/955
CPC: G06F1/20, G06F11/3058, G06F21/552
Inventor: 马旸, 蔡冰, 罗雅琼, 姚力
Owner: 国家计算机网络与信息安全管理中心江苏分中心