HTTP request exception detection method and system

An anomaly detection technology, applied in the security field, that can solve problems such as a high false alarm rate, difficulty in labeling data, and difficulty in covering attack types.

Active Publication Date: 2020-08-25
CENT SOUTH UNIV

AI Technical Summary

Problems solved by technology

Anomaly detection methods can detect new attack types, but their false positive rate is higher than that of misuse detection methods, and they cannot identify specific attack types. Most existing detection algorithms rely on a large number of attack samples or a large number of normal samples, while in actual data attack samples are far fewer than normal samples and it is difficult to cover all attack types. In different website environments in particular, it is very difficult to obtain labeled data.



Examples


Embodiment 1

[0062] This embodiment discloses a method for detecting an abnormal HTTP request, comprising the following steps:

[0063] Step 1: Preprocessing the web access logs, including data cleaning and URL parameter classification;

[0064] Step 1.1: Perform data cleaning on web access logs. The purpose of data cleaning is to delete irrelevant records or obviously abnormal records in the log. Since the present invention mainly detects abnormal parameters, it cleans irrelevant data records in the Web access log. Data cleaning specifically includes:

[0065] (1) Filter out the records of response errors in the Web access log. For Web logs, this can be judged from the response status code field. A 4XX response status code indicates a client error, and 5XX indicates a server error. Therefore, records with a status code of 400 or above are filtered out of the log.

[0066] (2) Filter out the records in the Web access log whose request method is not GET or POST. User acc...
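A sketch of Step 1 as described on this page, added here as an example and not taken from the patent: it applies the two cleaning rules above and then groups parameter values by (access path, parameter name), the URL parameter category defined for the preprocessing module in Embodiment 3. The log format, the sample lines and all function names are assumptions; only query-string parameters are handled, because a standard access log does not record POST bodies.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in a "combined"-style access log format (not from the patent).
SAMPLE_LOG = """\
10.0.0.5 - - [25/Aug/2020:10:00:01 +0800] "GET /item/view.php?id=1024&lang=en HTTP/1.1" 200 512
10.0.0.6 - - [25/Aug/2020:10:00:02 +0800] "GET /item/view.php?id=77&lang=zh HTTP/1.1" 200 498
10.0.0.7 - - [25/Aug/2020:10:00:03 +0800] "GET /missing.php?id=5 HTTP/1.1" 404 0
10.0.0.8 - - [25/Aug/2020:10:00:04 +0800] "HEAD /item/view.php?id=9 HTTP/1.1" 200 0
10.0.0.9 - - [25/Aug/2020:10:00:05 +0800] "GET /search?q=red%20shoes HTTP/1.1" 200 2048
10.0.0.9 - - [25/Aug/2020:10:00:06 +0800] "GET /error.php?id=1 HTTP/1.1" 500 0
"""

# Request line and status code; assumes the request line is the first quoted field.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def clean(lines):
    """Step 1.1: yield (method, target) for records that survive data cleaning."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                      # unparseable record
        if int(m["status"]) >= 400:
            continue                      # rule (1): response errors, 4XX and 5XX
        if m["method"] not in ("GET", "POST"):
            continue                      # rule (2): only GET and POST are kept
        yield m["method"], m["target"]

def classify(records):
    """URL parameter classification: (access path, parameter name) -> values."""
    categories = defaultdict(list)
    for _method, target in records:
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            categories[(parts.path, name)].append(value)
    return dict(categories)

def preprocess(log_text):
    """Run cleaning and classification over a whole log."""
    return classify(clean(log_text.splitlines()))

if __name__ == "__main__":
    for category, values in preprocess(SAMPLE_LOG).items():
        print(category, values)
```
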

Embodiment 2

[0100] As shown in Figure 1, on the basis of Embodiment 1, this embodiment further provides a method for detecting abnormalities in real-time or newly added HTTP requests to be tested in the Web access log. The specific steps are:

[0101] First, based on the abnormal point identification results in step 2, the abnormal points in all parameter values under each URL parameter category are removed;

[0102] Then, perform the following steps:

[0103] Step 3: For each URL parameter category, perform feature generalization and automatic generation (extraction) of parameter value templates (normal parameter value templates) based on the parameter values after removing outliers, and store them in the parameter value template library. Figure 2 is a parameter value template format diagram according to an embodiment of the present invention.

[0104] First, define parameter value templates from five characteristics, as shown in Figure 2.

[0105] The para...

Embodiment 3

[0124] The present embodiment provides a HTTP request abnormal detection system, including the following modules:

[0125] The preprocessing module is used to preprocess the Web access log, including data cleaning and URL parameter classification, where URL parameter classification means that, for the URL of each HTTP request in the Web access log, the access path (the requested file path) is combined with each parameter, and each resulting combination of access path and parameter name is used as a URL parameter category;

[0126] The abnormal point identification module is used for clustering and identifying abnormal points for all parameter values under each URL parameter category;

[0127] The abnormality detection module is used for abnormality detection of the HTTP request to be tested; for the HTTP request to be tested in the web access log, if there is a parameter value in the URL that is an abnormal point, it is determined that the HTTP request to be te...
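An illustration of the abnormal point identification module for a single URL parameter category, added here as an example and not taken from the patent: a plain DBSCAN in which values left outside every cluster are the abnormal points. The page does not state which parameter features are clustered, so the feature vector, `eps`, `min_pts` and the sample values are all assumptions.

```python
import math

# Constructed values for one URL parameter category, e.g. ("/item/view.php", "id").
SAMPLE_VALUES = ["1024", "77", "5", "31337", "8", "402", "<<<not-an-id>>>"]

def features(value):
    """Assumed features: scaled length and fractions of digits, letters, other chars."""
    n = max(len(value), 1)
    digits = sum(c.isdigit() for c in value)
    letters = sum(c.isalpha() for c in value)
    return (len(value) / 10.0, digits / n, letters / n,
            (len(value) - digits - letters) / n)

def dbscan(points, eps, min_pts):
    """Plain DBSCAN: one label per point, -1 marks noise (an abnormal point)."""
    labels = [None] * len(points)

    def neighbours(i):
        return [j for j, q in enumerate(points) if math.dist(points[i], q) <= eps]

    cluster = -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:
            labels[i] = -1           # provisional noise; may become a border point
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point: joins the cluster, not expanded
            if labels[j] is not None:
                continue
            labels[j] = cluster
            reachable = neighbours(j)
            if len(reachable) >= min_pts:
                queue.extend(reachable)
    return labels

def outliers(values, eps=0.35, min_pts=3):
    """Return the parameter values DBSCAN leaves outside every cluster."""
    labels = dbscan([features(v) for v in values], eps, min_pts)
    return [v for v, label in zip(values, labels) if label == -1]

if __name__ == "__main__":
    print(outliers(SAMPLE_VALUES))
```

With real traffic, `eps` and `min_pts` have to be tuned per category; a value flagged here is what Embodiment 2 removes before templates are generated.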

Abstract

The invention discloses an HTTP request exception detection method and system. The method comprises the following steps: preprocessing a Web access log, including data cleaning and URL parameter classification; carrying out the clustering and exception elimination on the parameter features by using a DBSCAN algorithm; performing feature generalization and template automatic extraction on the parameter values after exception elimination; finally, performing template matching on one or more parameter values of the HTTP request according to a template matching rule, judging that the request is normal if all the parameter values are successfully matched with the template, and otherwise, judging that the request is exceptional. The problems that an existing Web application firewall cannot detect unknown anomalies, the updating and maintaining cost is high, or the false alarm rate is high, and label data need to be obtained are solved.

Description

Technical field

[0001] The present invention relates to the field of security technology, in particular, to a method and system for abnormal detection of HTTP requests.

Background technique

[0002] With the development of the Internet, Web application services have penetrated into all fields of society and become an important part of people's work and life. While Web application services bring great convenience to people, Web attacks also grow rapidly and become an important threat to the Internet. The continuous innovation of attack methods has led to an endless stream of network security incidents, which not only cause economic losses, but also have a negative impact on society.

[0003] In order to defend against Web attacks, the traditional solution is to deploy a misuse detection method on WAF (Web Application Firewall), that is, based on a pre-defined attack rule set, HTTP (HyperText Transfer Protocol) request In...

Application Information

IPC(8): H04L29/06, H04L29/08, G06F16/215, G06F16/2458, G06K9/62
CPC: H04L63/1416, H04L63/1425, H04L63/1466, H04L67/02, G06F16/215, G06F16/2465, G06F18/2433
Inventor: 王伟平, 顾见欢, 宋虹, 张士庚
Owner: CENT SOUTH UNIV