HTTP session exception detection method and detection system

An anomaly detection and anomaly technology, applied in the field of network security, can solve problems such as high false positive rate, difficulty in obtaining label data, and inability to identify attack types, and achieve the effects of high reliability, good practicability and high accuracy

Active Publication Date: 2021-03-26
STATE GRID HUNAN ELECTRIC POWER +2
View PDF5 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The anomaly detection method can detect new types of attacks, but the false positive rate is higher than that of the misuse detection method, and it cannot identify specific attack types
At the same time, most of the existing detection algorithms need to rely on a large number of attack samples or a large number of normal samples, but the attack sample data in the actual collected data is far less than the normal data samples, and it is difficult to cover all attack types; especially in different website environments, Obtaining labeled data is difficult

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • HTTP session exception detection method and detection system
  • HTTP session exception detection method and detection system
  • HTTP session exception detection method and detection system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] Such as figure 1 The method shown in the method of the present invention is schematically illustrated: such an HTTP session abnormality detection method provided by the present invention includes the following steps:

[0034] S1. Identification of HTTP traffic; specifically distinguish between different users, then perform session recognition; session is defined as the time experienced from entering the site to leaving the site;

[0035] S2. Extract the features of each HTTP user session; specifically for each HTTP user session divided, extract the session as follows:

[0036] Abnormally UserAgent proportional: indicating the proportion of UseRAgent access in the total number of accesses in this session; where Useragent refers to Spider, Bot, Yahoo! SLURP, CRAWLER, NMAP, Nikto, Sqlmap, Appscan, Acunetix, RSAs, WebReaver and HP ASC keywords;

[0037] Non-GET / POST proportional: indicating the amount of access to the GET / POST method in the total number of visits; in addit...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an HTTP session exception detection method. The method comprises the following steps: identifying HTTP traffic; extracting features of each HTTP user session; performing vectorization processing on the session feature corresponding to each HTTP session to obtain a feature vector; and clustering and marking the session set by adopting a clustering algorithm, and judging to obtain an abnormal session. The invention also provides a detection system for realizing the HTTP session exception detection method. According to the method, efficient clustering and core point storage are carried out by utilizing a clustering algorithm under the condition of not needing label data according to the user sessions divided by the HTTP traffic, the session exception in the HTTP traffic is discovered by calculating the distance between the HTTP session to be tested and the core point by utilizing the stored core point, and then the Web attack is discovered; and the method solves alarge number of problems in the prior art, and is high in reliability, good in practicability and high in accuracy.

Description

Technical field [0001] This French belongs to the network security field, and specific to an HTTP session anomaly detection method and a detection system. Background technique [0002] With the development of economic technology, web application services have been widely used in people's production and life, bringing endless convenience to people's production and life. [0003] However, with the growth of web application services, attacks for web application services have grown rapidly. Attack methods continue to introduce new, causing an endless network security incident, not only cause economic losses, but also adversely affect society. [0004] In order to defend against Web attacks, traditional solutions are deployed on WAF (Web Application Firewall, Web Application Firewall) to deploy misuse detection methods based on pre-defined attack rule sets, for HTTP (Hypertext Transfer Protocol, Hypertext Transfer Protocol Request to intercept or release. This misuse detection method ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08G06F16/332G06F16/33G06F16/35
CPCH04L63/1425H04L67/02G06F16/3329G06F16/3344G06F16/35
Inventor 孙毅臻高隽曹琳婧王伟平谢一曼田峥田建伟陈中伟刘扬贺泽华
Owner STATE GRID HUNAN ELECTRIC POWER
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap