Research on N-gram-Based HTTP Attack Detection Technology
Published: 2018-04-01 14:04
Topic of this thesis: HTTP attack detection. Focus: N-gram feature extraction. Source: Xidian University, master's thesis, 2014
[Abstract]: With the rapid development of Internet technology, network security is receiving more and more attention. Malicious virus detection is an important topic in the field of information security, and the detection of HTTP attacks is a new research focus within it. Detection systems based on hidden Markov models can detect HTTP attacks, but such systems have high complexity and are not suited to inspecting large volumes of HTTP data. Existing HTTP attack detection models suffer from high complexity, low detection performance, and an inability to inspect large volumes of HTTP data in a timely manner. To address these shortcomings, and building on an in-depth study of HTTP attack detection technology, this thesis presents an HTTP attack detection framework. The framework consists of three parts: a data input and output part, a mixed N-gram feature extraction part for HTTP data, and a detection part for HTTP data. For the mixed N-gram feature extraction part, the thesis designs a method for extracting mixed N-gram features. The method takes into account the effect of N-gram features of different lengths on HTTP attack detection and uses an expert voting mechanism, producing better N-gram feature vectors for HTTP data. For the detection part, the thesis studies detection techniques that measure similarity by computing a distance and detection techniques based on the decision tree algorithm from machine learning. It gives the detection algorithm and workflow for measuring similarity by chi-square distance and, on that basis, proposes a detection algorithm that measures similarity with an improved distance. Experimental comparison shows that the improved-distance similarity detection method is simple and efficient and can be used to inspect large volumes of HTTP data. The experiments also verify the effectiveness of the decision tree algorithm in detecting complex HTTP attacks that have undergone polymorphic transformation.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1695875
Article link: http://sikaile.net/guanlilunwen/ydhl/1695875.html