HTTP request double-layer progressive anomaly detection method

An anomaly detection and progressive technology, applied in the field of network security, that addresses the time-consuming retraining of weak classifiers, poor long-term dependence, and the difficulty of selecting and optimizing weak classifiers, with the effect of improving accuracy and reducing false positives.

Active Publication Date: 2019-10-18
长沙市智为信息技术有限公司

AI Technical Summary

Problems solved by technology

The advantage is that multiple weak classifiers are integrated, and the feature extraction of each weak classifier is relatively simple; the disadvantage is that selecting and optimizing the weak classifiers is difficult, and retraining them is time-consuming. Moreover, for some simple composite machine learning algorithms, the long-term dependence effect is poor even after retraining.


Embodiment Construction

[0034] In order to make the purpose, design ideas and advantages of the present invention clearer, the present invention will be further described in detail below in combination with specific examples and with reference to the accompanying drawings.

[0035] The invention discloses a two-layer progressive anomaly detection method for HTTP requests, which performs anomaly detection based on a two-layer progressive anomaly detection model. The model consists of an XGBoost gradient boosting tree module and an LSTM long short-term memory network module. After training on an HTTP request data set of a certain scale, the model first uses the first-layer XGBoost gradient boosting tree module to make a quick judgment, and then passes suspicious HTTP requests to the second-layer LSTM module for a careful judgment. This realizes HTTP request anomaly detection and achieves the purpose of intercepting malicious HTTP requests while letting normal HTTP requests through. The invention can effectively improve the accuracy...


Abstract

The invention discloses an HTTP request double-layer progressive anomaly detection method. Anomaly detection is carried out based on a double-layer progressive anomaly detection model, which is composed of an XGBoost gradient boosting tree module and an LSTM long short-term memory network module. The method comprises the following steps: training on an HTTP request data set of a certain scale; then, according to the model, first using the first-layer XGBoost gradient boosting tree module for a rapid judgment, and inputting suspected HTTP requests into the second-layer LSTM module for a careful judgment. This achieves HTTP request anomaly detection and the purpose of intercepting malicious HTTP requests while letting normal HTTP requests through. According to the method, the accuracy of HTTP request anomaly detection can be effectively improved, the false positives of anomaly detection are reduced, and the anomaly detection model has a certain long-term dependence.
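The two-layer routing described in [0035] and in the abstract, as an added Python example that is not part of the patent text. The thresholds `LOW` and `HIGH`, the two scoring functions (simple stand-ins, not XGBoost or LSTM models) and the sample request targets are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed thresholds (the page gives none): a layer-1 score below LOW is passed,
# above HIGH is intercepted, and anything in between is "suspicious".
LOW, HIGH = 0.2, 0.8
SPECIALS = "'\"<>;()"

def layer1_score(target: str) -> float:
    """Fast judgment from a cheap count feature (stand-in for the XGBoost module)."""
    decoded = unquote_plus(target)
    specials = sum(decoded.count(c) for c in SPECIALS)
    return min(1.0, 3 * specials / max(len(decoded), 1))

def layer2_score(target: str) -> float:
    """Careful judgment that depends on token order (stand-in for the LSTM module)."""
    tokens = re.findall(r"[a-z]+|['\"<>=;()]", unquote_plus(target).lower())
    seen_quote = False
    for tok in tokens:
        if tok in ("'", '"'):
            seen_quote = True
        elif seen_quote and tok in ("or", "and", "union", "select"):
            return 1.0  # a quote followed by a query keyword
    return 0.0

def classify(target: str):
    """Return (verdict, layer that decided). Only suspicious requests reach layer 2."""
    s1 = layer1_score(target)
    if s1 < LOW:
        return ("normal", 1)
    if s1 > HIGH:
        return ("malicious", 1)
    verdict = "malicious" if layer2_score(target) >= 0.5 else "normal"
    return (verdict, 2)

# Constructed sample request targets, not taken from any data set.
SAMPLES = [
    "/index.html",
    "/search?q=O%27Reilly+%28books%29",
    "/item?id=1%27+OR+%271%27%3D%271",
    "/p?x=%3C%3C%3E%3E%27%27%28%29",
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(t, classify(t))
```

The second sample shows where the progressive design reduces false positives: a count-based first layer finds the quote and parentheses suspicious, and the order-aware second layer lets the request through.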

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an HTTP request double-layer progressive anomaly detection method oriented to a network application firewall.

Background technique

[0002] With the development of cloud computing and big data technology, the security of network applications under massive data is threatened. Traditional web application firewalls use rule matching methods to detect abnormalities in HTTP requests, which cannot cope with challenges such as changing requirements, complex attacks, and large data volumes. Therefore, researchers began to apply machine learning methods to web application firewalls.

[0003] A single machine learning model generally has shortcomings such as complex models, complex feature engineering, low accuracy, high false positives, and difficulty in long-term dependence. For example, in a single K-Means clustering analysis, it is difficult to measure the distance between t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08, H04L12/24
CPC: H04L41/145, H04L63/02, H04L63/1425, H04L63/306, H04L67/02, H04L67/146
Inventor: 谢逸航, 黄惟, 赵颖, 马小龙, 曹鸣佩, 康占英, 杨子彤, 周芳芳
Owner: 长沙市智为信息技术有限公司