JIANG Mengdan,LIN Honggang,CAO Heming.Research on Abnormal Detection based on Business Logic[J].Journal of Chengdu University of Information Technology,2019,(02):130-137.[doi:10.16836/j.cnki.jcuit.2019.02.006]
Research on Anomaly Detection Based on the Business Logic Approach
- Title:
- Research on Abnormal Detection based on Business Logic
- Article number:
- 2096-1618(2019)02-0131-07
- Keywords:
- business logic; abnormal detection; traffic analysis; website structure; access information
- CLC number:
- TP393.08
- Document code:
- A
- Abstract (translated from the Chinese):
- With the spread of the Internet, web sites carry more and more traffic. To ensure that information or services can be provided securely and efficiently, this paper combines the business logic approach with anomaly detection and proposes an anomaly detection scheme based on the traffic data generated by web users' access behavior. The scheme is designed for web servers deployed at important nodes. It obtains the link relationships between pages from the publicly available source code of the web site, builds the site's topology, and from it learns the set of user access trajectories that follow normal business-logic transitions; it then extracts the behavior trajectories of individual users from the traffic generated by their accesses and applies the algorithm proposed in the scheme to decide whether a user's access is anomalous. Finally, the effectiveness of the algorithm was tested and verified in a real environment. The experiments show that the anomaly detection method can detect large volumes of irregular anomalous accesses to a site, SQL injection attempts against the site, semantic URL attacks, and the like.
- Abstract:
- With the popularity of the Internet, web sites carry more and more traffic. To ensure that they can provide information or services safely and efficiently, this article combines business logic with anomaly detection and proposes an anomaly detection scheme based on the traffic data generated by web users' access behavior. The scheme is designed for web sites deployed on important nodes. First, the scheme derives the link relationships between all pages from the source code of the web site published on the network, and constructs the topology of the web site in order to learn the set of user access paths that follow the normal business-logic paths. Then the behavior trajectories of different users are extracted from the traffic data generated by their accesses, and the algorithm proposed in the scheme is used to determine whether a user's access is abnormal. Finally, the effectiveness of the algorithm is tested and verified in a real environment. The simulation results show that the anomaly detection method can find irregular access to the site, SQL injection attempts, and semantic URL attacks against the site.
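An added illustration of the pipeline the abstract describes (example code written here, not the paper's implementation or its actual decision algorithm): a site topology is built from page source, per-client trajectories are rebuilt from access logs, and each step is checked against the links in the topology. The page sources, log lines, the three detection rules and the assumption that a session starts at the entry page are all constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit
# Constructed page sources standing in for the site's published source code.
SITE_SOURCE = {
    "/index.html": '<a href="/login.html">Login</a>',
    "/login.html": '<form action="/account.html"></form> <a href="/index.html">Home</a>',
    "/account.html": '<a href="/orders.html?id=1">Orders</a> <a href="/index.html">Home</a>',
    "/orders.html": '<a href="/account.html">Back</a>',
}
LINK_RE = re.compile(r'(?:href|action)="([^"]+)"')  # simplification: regex, not a full HTML parser
def build_topology(site):
    """Site graph: page -> {linked page -> query parameter names carried by that link}."""
    graph = {path: {} for path in site}
    for path, html in site.items():
        for u in map(urlsplit, LINK_RE.findall(html)):
            graph[path][u.path] = frozenset(parse_qs(u.query))
    return graph
# Constructed log lines: 10.0.0.1 follows the links; 10.0.0.2 skips login, adds a parameter, probes a missing page.
LOG_LINES = [
    '10.0.0.1 - - [01/Jan/2019:10:00:05 +0800] "GET /login.html HTTP/1.1" 200 300',
    '10.0.0.1 - - [01/Jan/2019:10:00:09 +0800] "POST /account.html HTTP/1.1" 200 700',
    '10.0.0.1 - - [01/Jan/2019:10:00:15 +0800] "GET /orders.html?id=1 HTTP/1.1" 200 900',
    '10.0.0.2 - - [01/Jan/2019:10:01:00 +0800] "GET /orders.html?id=7 HTTP/1.1" 200 900',
    '10.0.0.2 - - [01/Jan/2019:10:01:02 +0800] "GET /account.html?debug=1 HTTP/1.1" 200 700',
    '10.0.0.2 - - [01/Jan/2019:10:01:03 +0800] "GET /admin.php HTTP/1.1" 404 0',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\w+ (\S+) [^"]*"')
def detect(log_lines, graph, entry="/index.html"):
    """Rebuild each client's trajectory and flag steps that break the site's link logic."""
    paths = defaultdict(list)
    for line in log_lines:
        if m := LOG_RE.match(line):
            paths[m.group(1)].append(m.group(2))
    report = {}
    for ip, trajectory in paths.items():
        prev, found = entry, []  # assumption: every session starts at the entry page
        for raw in trajectory:
            u = urlsplit(raw)
            if u.path not in graph:
                found.append((raw, "not a page of the site"))
                continue
            allowed = graph[prev].get(u.path)
            if u.path != entry and allowed is None:
                found.append((raw, f"no link from {prev}"))
            elif allowed is not None and not set(parse_qs(u.query)) <= allowed:
                found.append((raw, "unexpected query parameters"))
            prev = u.path
        report[ip] = found
    return report
```

Grouping by client IP is the simplest stand-in for the user identification the paper leaves to its own scheme; a session cookie would be the usual choice behind a NAT or proxy.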
Memo
Received: 2018-09-27