Abstract
Most existing Web application firewalls detect malicious HTTP requests with rules, which makes them easy to bypass and gives low detection efficiency. To address this, an improved malicious HTTP request detection method based on bag-of-words (BoW) model clustering is proposed. Features are extracted from existing normal and malicious requests using the BoW and TF-IDF models, and the XGBoost classification algorithm is used to identify abnormal requests. Experimental results show that, compared with identification methods such as random forest and support vector machine, this method identifies abnormal HTTP requests more effectively.
Author
XU Di (徐迪) (China Mobile (Hangzhou) Information Technology Co., Ltd., Hangzhou 310012, China)
Source
Telecom Engineering Technics and Standardization (《电信工程技术与标准化》)
2018, No. 12, pp. 22-27 (6 pages)