A Hybrid Intrusion Detection Method Based on Web Logs

Cited by: 3


Authors: Li Zhao; Zhang Xianrong; Guo Fan [3]

Affiliations: [1] Department of Information Technology, Library, Anhui Medical University, Hefei, Anhui 340100, China; [2] Institute of Advanced Cyberspace Technology, Guangzhou University, Guangzhou, Guangdong 510000, China; [3] School of Computer and Information Engineering, Jiangxi Normal University, Nanchang, Jiangxi 330022, China

Source: Journal of Heilongjiang University of Technology (Comprehensive Edition), 2022, No. 7, pp. 47-52 (6 pages)

Abstract: With the rapid development of web applications, web programs face a growing number of attacks, while traditional misuse detection and anomaly detection for web programs suffer from a high missed-detection rate and a high false alarm rate, respectively. This paper proposes a hybrid intrusion detection method based on web logs. First, attack feature vectors for misuse detection are obtained from the official OWASP Top 10 platform, and known vulnerabilities are tested on the WebGoat vulnerability platform to build the misuse detection rule base. Next, the K-Means algorithm is trained on normal web logs to build a model of normal user access. Finally, the hybrid web intrusion detection is tested on a web log dataset. Experiments show that the intrusion detection model improves the detection rate and reduces the false alarm rate.

Keywords: Web log; misuse detection; anomaly detection; Web hybrid intrusion detection; detection rate

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
