Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Detecting method and device of Web attack

A technology of attack detection and anomaly detection, which is applied in the field of network security to achieve the effect of ensuring security

Inactive Publication Date: 2016-04-20
CHINA ELECTRONICS STANDARDIZATION INST
View PDF5 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is how to overcome the shortcomings of misuse detection and anomaly detection, and how to perform post-event attack detection and evidence collection for Web attacks that cannot be found by Web application firewalls

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detecting method and device of Web attack
  • Detecting method and device of Web attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0041] Embodiment 1. A method for detecting web attacks, such as figure 1 As shown, including steps S110-S130:

[0042]S110. For multiple Web logs to be processed, divide them according to URLs (UniformResourceLocator, uniform resource locator) in the Web logs, and obtain Web log subsets corresponding to different URLs.

[0043] This step may include: for multiple web logs to be processed, first extract URLs in each web log respectively, then divide the multiple web logs to be processed according to the URLs, and divide web logs containing the same URL into In the same Web log subset, the Web log subsets corresponding to different URLs are obtained; wherein, each of the Web log subsets may include one or more Web logs.

[0044] After this step, it may also include: pre-excluding the Web log subset whose number of Web log entries is less than the first predetermined threshold value, or only performing subsequent steps on the Web log subset whose Web log entry number reaches th...

Embodiment 2

[0092] Embodiment 2, a kind of Web attack detection device based on Web log analysis, such as figure 2 shown, including:

[0093] The log classification module 21 is used for dividing a plurality of Web logs to be processed according to the Uniform Resource Locator URL in the Web logs, so as to obtain the corresponding Web log subsets of different URLs;

[0094] The normal behavior model learning module 22 is used to perform the following processing on the corresponding Web log subsets of each URL: select some Web logs in the Web log subset, and the selected Web logs account for the proportion of the selected Web log subsets. The proportion of is less than or equal to the predetermined upper limit of the proportion; according to the selected web log, the normal behavior model corresponding to the URL is constructed;

[0095] The anomaly detection module 23 is configured to perform anomaly detection on unselected web logs in the web log subset corresponding to each URL based ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a detecting method and device of a Web attack. The detecting method of the Web attack comprises the steps of dividing multiple to-be-processed Web logs according to a URL (Uniform Resource Locator) in each Web log to obtain Web log subsets which correspond to different URLs; carrying out the following processing respectively for the Web log subset which corresponds to each URL, including, selecting partial Web logs in each Web log subset, wherein the proportion of the selected Web logs in each Web log subset is less than or equal to a preset proportion upper limit, and establishing a normal behavior model corresponding to the URL based on the selected Web logs; and, for the Web log subset corresponding to each URL, carrying out abnormality detection for the unselected Web logs in the Web log subset which corresponds to the URL respectively based on the normal behavior model corresponding to the URL. According to the detecting method and device of the Web attack, attack detection and evidence collection after the attack can be carried out for the Web attack which is not discovered by applying a firewall.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and device for detecting web attacks. Background technique [0002] Currently, 80% of common applications are web applications, including financial applications that require high security. The Web has become the standard application interaction interface. While Web applications bring convenience to people, they have also become the most concerned object of hackers. Common attacks against Web applications include SQL (StructuredQueryLanguage, Structured Query Language) injection attacks, XSS (CrossSiteScripting, cross-site scripting attacks), CSRF (Cross-siterequestforgery, cross-site request forgery), and various possible causes of web server denial of service Web attack methods. [0003] In order to defend against various Web attacks, the processing method in related technologies is usually to deploy a Web application firewall in front of the Web application, which ca...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/02H04L63/1441H04L63/1466H04L67/02
Inventor 叶润国蔡磊范科峰
Owner CHINA ELECTRONICS STANDARDIZATION INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com