A double-layer progressive anomaly detection method for http requests

An anomaly detection and progressive technology, applied in the field of network security, can solve the problems of time-consuming weak classifiers, poor long-term dependence, difficult selection and optimization of weak classifiers, etc., to improve accuracy and reduce false positives Effect

Active Publication Date: 2021-09-28
长沙市智为信息技术有限公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The advantage is that multiple weak classifiers are integrated, and the feature extraction of each weak classifier is relatively simple; the disadvantage is that the selection and optimization of weak classifiers is difficult, and the retraining of weak classifiers is time-consuming; moreover, some simple composite machines Even after retraining the learning algorithm, its long-term dependence effect is not good

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A double-layer progressive anomaly detection method for http requests
  • A double-layer progressive anomaly detection method for http requests
  • A double-layer progressive anomaly detection method for http requests

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] In order to make the purpose, design ideas and advantages of the present invention clearer, the present invention will be further described in detail below in combination with specific examples and with reference to the accompanying drawings.

[0035] The invention discloses a two-layer progressive anomaly detection method for an HTTP request, which performs anomaly detection based on a two-layer progressive anomaly detection model. The model consists of XGBoost gradient boosting tree module and LSTM long short-term memory network module. After training a certain scale of HTTP request data sets, the model first uses the first-layer XGBoost gradient boosting tree module to make quick judgments, and then input suspicious HTTP requests to the second-layer LSTM module for careful judgment to realize HTTP request anomaly detection , to achieve the purpose of intercepting malicious HTTP requests through normal HTTP requests. The invention can effectively improve the accuracy...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a double-layer progressive abnormality detection method for HTTP requests. The abnormality detection is carried out based on a two-layer progressive abnormality detection model. The model is composed of an XGBoost gradient boosting tree module and an LSTM long short-term memory network module. After training a certain size of HTTP request data set, the model first uses the first-layer XGBoost gradient boosting tree module to make quick judgments, and then input suspicious HTTP requests to the second-layer LSTM module for careful judgment to realize HTTP request anomaly detection. , to achieve the purpose of intercepting malicious HTTP requests through normal HTTP requests. The invention can effectively improve the accuracy of HTTP request abnormality detection, reduce the false positive of abnormality detection, and make the abnormality detection model have certain long-term dependence.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an HTTP request double-layer progressive anomaly detection method oriented to a network application firewall. Background technique [0002] With the development of cloud computing and big data technology, the security of network applications under massive data is threatened. Traditional web application firewalls use rule matching methods to detect abnormalities in HTTP requests, which cannot cope with challenges such as changing requirements, complex attacks, and large data volumes. Therefore, researchers began to apply machine learning methods to web application firewalls. [0003] A single machine learning model generally has shortcomings such as complex models, complex feature engineering, low accuracy, high false positives, and difficulty in long-term dependence. For example, in a single K-Means clustering analysis, it is difficult to measure the distance between t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/08H04L12/24
CPCH04L41/145H04L63/02H04L63/1425H04L63/306H04L67/02H04L67/146
Inventor 谢逸航黄惟赵颖马小龙曹鸣佩康占英杨子彤周芳芳
Owner 长沙市智为信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap