WEB malicious request depth detection system and method based on machine learning

Abstract

The invention discloses a WEB malicious request depth detection system and method based on machine learning, and relates to the technical field of computer network security. The system comprises a database module, a classifier training module and a traffic detection module; the database module stores gateway WEB traffic data; the classifier training module is configured to perform classification training to obtain a first classifier and a second classifier; and the traffic detection module comprises a regular matching module, an intranet and extranet request classification module, an intranetrequest detection module, and a non-intranet request detection module. The gateway WEB traffic data are subjected to regular matching and traffic category classification processing, then are divided into internet request traffic data and non-intranet request traffic data, wherein the internet request traffic data are sent to the second classifier for detection, the non-intranet request traffic data are sent into the first classifier for detection, and detection results are all stored in the database module. According to the WEB malicious request depth detection system based on the machine learning provided by the invention, a multi-model depth detection technology is used, the detection of the malicious traffic of the gateway is successfully realized, and the system has the advantages of being low in fallout ratio and omission ratio, high in data set adaptability and the like.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a machine learning-based deep detection system and method for WEB malicious requests. Background technique [0002] Malicious WEB requests refer to WEB requests used for malicious activities such as stealing information and attacking applications. Malicious WEB requests are concealed and sudden, and there are various attack methods (such as SQL injection, cross-site scripting attacks, etc.), which pose a great threat to network security. Relevant scholars have proposed many schemes to intercept malicious requests, including rule matching technology, simplistic machine learning algorithm detection and other technologies, but all have their own limitations. [0003] The traditional rule matching technology can only be used to detect known types of attacks. It has weak resistance to the ever-changing malicious requests and is easy to be "spoofed" by artificially d...

AI Technical Summary

Problems solved by technology

[0010] In view of the above-mentioned defects of the prior art, the technical problem to be solved by the present invention is how to overcome the shortcomings of a single machine learning model that is too broad, without considering the specificity of different traffic types and the lack of real-time performance, and divide the access traffic into intranet WEB According to the characteristics and unique patterns of the traffic of the server access and the traffic of the web server of the external network, as well as the difference in the security level of the internal and external network servers, a targeted and focused detection model is made to realize malicious detection of the gateway. Real-time detection of traffic, and ensure that the system has low false detection rate and missed detection rate

Images