Statistical Anomaly Detection Based on Web Users' Browsing Behaviors
Supported by the National Natural Science Foundation of China under Grant No. 90304011; the Natural Science Foundation of Guangdong Province of China under Grant No. 04009747; the Research Fund for the Doctoral Program of Higher Education of China under Grant No. 20040558043


Anomaly Detection Based on Web Users' Browsing Behaviors

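    Chinese abstract:

    This paper proposes an anomaly detection scheme based on Web users' access behavior for detecting application-layer distributed denial-of-service attacks, and studies its application using large event Web sites with non-stationary traffic characteristics as an example. Based on the hyperlink characteristics of Web pages and the effect that Web proxies at each level of the network have on responding to user requests, a hidden semi-Markov model is used to describe the access behavior of normal Web users as observed at the server side, and the deviation from the access behavior characteristics of the majority of normal users is used as the measure of how anomalous a flow is. A parameterization of the model is given, the algorithms for model parameter estimation and anomaly detection are derived, and the implementation of the anomaly detection system in a real network environment is discussed. Finally, real data are used to validate the effectiveness of the model and the detection algorithm. Simulation results show that the model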

    Abstract:

    This paper proposes an anomaly detection approach based on Web user access behavior for defending against application-layer Distributed Denial-of-Service (DDoS) attacks. Based on the hyperlink characteristics of Web pages and the HTTP response effect of the different proxies in the Internet, it uses a hidden semi-Markov model (HsMM) to describe Web user browsing behavior as observed at the Web server, and uses the likelihood that an observation sequence of a user's browsing behavior fits the model as the measure of that user's normality. A parameterized model and its recursive formulae are derived, and an on-line anomaly detection approach is introduced. Some issues involved in practical implementations of the model and the anomaly detection approach are discussed. Finally, an experiment is conducted to validate the model and the algorithm, based on a set of data collected from a heavily loaded Web server and an emulated DDoS attack that launches HTTP flooding against the Web site. The experimental results show that the model is effective in measuring user behaviors and in detecting application-layer DDoS attacks.

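Cite this article

Xie Yi (谢逸), Yu Shunzheng (余顺争). Statistical anomaly detection based on Web users' browsing behaviors. Journal of Software (软件学报), 2007, 18(4): 967-977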

History
  • Received: 2005-09-26
  • Last revised: 2006-04-03