
Intrusion Detection Model for Web Applications Based on Alive Entropy (cited by: 6)
Abstract: Some of today's application-layer Web attacks exhibit high-traffic characteristics, and traditional Web intrusion detection techniques are often weak at detecting them. This paper proposes a Web intrusion detection method based on alive entropy. The method intercepts HTTP packets, extracts GET and POST request parameters and key data from the HTTP headers, analyzes their entropy values, and uses changes in entropy to discover attack behaviour in the Web data stream. Experimental results show that the method can detect such high-traffic attacks against Web applications and effectively compensates for the shortcomings of traditional detection methods.
Source: Journal of Wuhan University: Natural Science Edition (indexed in CAS, CSCD and the Peking University Core list), 2014, No. 6, pp. 543-547 (5 pages)
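Funding: Tianjin Science and Technology Innovation Special Fund Project (10FDZDGX00400, 11ZCKFGX00900); Tianjin Municipal Education Commission Key Education Reform Project, "Twelfth Five-Year" general investment project (C03-0809)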
Keywords: Web applications; Web attacks; intrusion detection; alive entropy



