
HTTP session anomaly detection method and detection system

An anomaly detection technology applied in the field of network security that addresses problems such as a high false alarm rate, difficulty in obtaining labeled data, and inability to identify attack types, and achieves high reliability, high accuracy, and good practicability.

Active Publication Date: 2022-04-29
STATE GRID HUNAN ELECTRIC POWER +2

AI Technical Summary

Problems solved by technology

The anomaly detection method can detect new types of attacks, but its false positive rate is higher than that of the misuse detection method, and it cannot identify specific attack types.
At the same time, most existing detection algorithms rely on a large number of attack samples or a large number of normal samples, but in actually collected data the attack samples are far fewer than the normal samples, and it is difficult to cover all attack types; in particular, obtaining labeled data is difficult across different website environments.


Examples


Embodiment Construction

[0033] As shown in Figure 1, the flow diagram of the method of the invention, the HTTP session anomaly detection method provided by the invention includes the following steps:

[0034] S1. Identify HTTP traffic. Specifically, the IP address is used to distinguish different users, and then session identification is carried out. A session is defined as the time from entering the site to leaving the site;

[0035] S2. Extract the characteristics of each HTTP user session. Specifically, for each HTTP user session divided, the following characteristics of the session are extracted:

[0036] Proportion of abnormal User-Agent: indicates the proportion of accesses with an abnormal User-Agent in the total accesses of the session. An abnormal User-Agent is one containing any of the keywords spider, bot, Yahoo! Slurp, crawler, nmap, Nikto, sqlmap, appscan, Acunetix, RSAs, webweaver and HP ASC;

[0037] Proportion of non-GET/POST: indicates the proportion of the total number of visits except for GET/POST methods...
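Steps S1 and S2 can be sketched as follows. This is an added example, not code from the patent: the record fields, the 30-minute idle gap used to end a session, and the sample records are assumptions, and only the two features visible on this page are computed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Keywords from paragraph [0036], lower-cased; "Yahoo! Slurp" is matched by "slurp".
ABNORMAL_UA_KEYWORDS = ("spider", "bot", "slurp", "crawler", "nmap", "nikto",
                        "sqlmap", "appscan", "acunetix", "rsas", "webweaver", "hp asc")
SESSION_GAP = timedelta(minutes=30)  # assumption: the page gives no timeout value

def split_sessions(records):
    """S1: group records by client IP and start a new session after an idle gap."""
    by_ip = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["time"]):
        by_ip[rec["ip"]].append(rec)
    sessions = []
    for recs in by_ip.values():
        sessions.append([recs[0]])
        for prev, rec in zip(recs, recs[1:]):
            if rec["time"] - prev["time"] > SESSION_GAP:
                sessions.append([])
            sessions[-1].append(rec)
    return sessions

def session_features(session):
    """S2: the two ratios listed on the page, each in the range [0, 1]."""
    total = len(session)
    bad_ua = sum(any(k in r["ua"].lower() for k in ABNORMAL_UA_KEYWORDS) for r in session)
    non_get_post = sum(r["method"].upper() not in ("GET", "POST") for r in session)
    return {"ip": session[0]["ip"], "requests": total,
            "abnormal_ua_ratio": bad_ua / total,
            "non_get_post_ratio": non_get_post / total}

def make_record(ip, hhmm, method, ua):
    when = datetime.strptime("2022-01-01 " + hhmm, "%Y-%m-%d %H:%M")
    return {"ip": ip, "time": when, "method": method, "ua": ua}

# Constructed sample records (documentation IP ranges), not real traffic.
SAMPLE = [
    make_record("192.0.2.10", "09:00", "GET", "Mozilla/5.0 (X11; Linux x86_64)"),
    make_record("192.0.2.10", "09:05", "POST", "Mozilla/5.0 (X11; Linux x86_64)"),
    make_record("192.0.2.10", "11:00", "GET", "Mozilla/5.0 (X11; Linux x86_64)"),
    make_record("198.51.100.7", "09:01", "OPTIONS", "Mozilla/5.00 (Nikto/2.1.6)"),
    make_record("198.51.100.7", "09:01", "GET", "Mozilla/5.00 (Nikto/2.1.6)"),
    make_record("198.51.100.7", "09:02", "PUT", "curl/7.81.0"),
    make_record("198.51.100.7", "09:02", "GET", "sqlmap/1.6"),
]

if __name__ == "__main__":
    for s in split_sessions(SAMPLE):
        print(session_features(s))
```

Keying sessions on IP alone merges every user behind one NAT or proxy address into a single session, and substring matching on a short keyword such as "bot" also hits benign User-Agent strings that merely contain those letters, so both ratios are best treated as inputs to the later clustering step rather than as verdicts.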


Abstract

The invention discloses a method for detecting HTTP session anomalies, which includes identifying HTTP traffic; extracting the features of each HTTP user session; performing vectorization processing on the session features corresponding to each HTTP session to obtain a feature vector; and using a clustering algorithm to perform clustering and marking and to judge abnormal sessions. The invention also provides a detection system for realizing the HTTP session anomaly detection method. Based on the user sessions divided from HTTP traffic, the invention uses a clustering algorithm to efficiently cluster and store core points without labeled data, and uses the stored core points to calculate the distance between the HTTP session under test and the core points, so as to discover abnormal sessions in the HTTP traffic and thereby find Web attacks. The invention solves a large number of problems in the prior art, and has high reliability, good practicability and high accuracy.
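The core-point idea in the abstract can be illustrated with a density-based rule. This is an added example, not the patent's algorithm: the page does not name the clustering algorithm, so the DBSCAN-style core-point definition, Euclidean distance, the EPS and MIN_PTS values, and the constructed two-feature vectors are all assumptions.

```python
import math

EPS = 0.15     # assumed neighbourhood radius; the page gives no value
MIN_PTS = 3    # assumed density threshold; the page gives no value

def core_points(vectors, eps=EPS, min_pts=MIN_PTS):
    """Keep vectors with at least min_pts neighbours (self included) within eps."""
    return [v for v in vectors
            if sum(math.dist(v, w) <= eps for w in vectors) >= min_pts]

def nearest_core_distance(vector, cores):
    """Distance from a session vector to the closest stored core point."""
    return min(math.dist(vector, c) for c in cores)

def is_abnormal(vector, cores, eps=EPS):
    """Flag a session that lies farther than eps from every stored core point."""
    return not cores or nearest_core_distance(vector, cores) > eps

# Constructed, unlabeled training vectors: (abnormal UA ratio, non-GET/POST ratio).
# The last one is a scanner-like session mixed into the unlabeled data.
TRAIN = [(0.0, 0.0), (0.0, 0.05), (0.02, 0.0), (0.05, 0.02), (0.0, 0.1),
         (0.75, 0.5)]

if __name__ == "__main__":
    cores = core_points(TRAIN)
    print("stored core points:", cores)
    for candidate in [(0.03, 0.04), (0.75, 0.5), (1.0, 0.0)]:
        print(candidate, "abnormal" if is_abnormal(candidate, cores) else "normal")
```

The isolated scanner-like vector never reaches the density threshold, so it is not stored as a core point even though the training data carries no labels, and a later session with the same profile is still flagged.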

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to an HTTP session anomaly detection method and a detection system.

Background technology

[0002] With the development of the economy and technology, web application services have been widely used in people's production and life, bringing great convenience to both.

[0003] However, with the growth of web application services, attacks against web application services are also growing rapidly. The continuous innovation of attack techniques has led to an endless stream of network security incidents, which have not only caused economic losses but also had a negative impact on society.

[0004] In order to resist web attacks, the traditional solution is to deploy a misuse detection method on a WAF (Web Application Firewall), that is, to intercept or release HTTP (Hypertext Transfer Protocol) requests based on pre-defined attack rule sets. Although this misuse detection met...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L67/02, G06F16/332, G06F16/33, G06F16/35
CPC: H04L63/1425, H04L67/02, G06F16/3329, G06F16/3344, G06F16/35
Inventor: 孙毅臻, 高隽, 曹琳婧, 王伟平, 谢一曼, 田峥, 田建伟, 陈中伟, 刘扬, 贺泽华
Owner: STATE GRID HUNAN ELECTRIC POWER