Full Protocol Stack Web Site Protection System

With the rapid development of the Internet,the attacks in the network are increasing constantly,and the security issues are more and more concerned by people.Most of the network attack detection methods proposed at present only target a certain type of attack or one layer in the TCP/IP protocol stack.However,in the real network environment,multiple attacks often occur simultaneously.Not only that,the abnormal access behavior of malicious users will also bring security threats to the Web site.Most of the traditional user behavior anomaly detection systems are manually buried in the program or extracted from log files when acquiring data.This method is expensive to develop and maintain.After obtaining the data,it is impossible to detect different abnormal behaviors in different application scenarios.Therefore,this paper designs a full-protocol stack Web site protection system to detect various attacks in the protocol stack,and monitor and manage the abnormal behavior of users in a custom way.This paper analyzes the related network attack and user abnormal behavior detection technologies.Targeting at shortcomings of existing methods,the architecture of a full-protocol stack Web site protection system is proposed,and the core components of the framework are designed in detail.Including data acquisition,data preprocessing,data anomaly and attack detection,data display and query.For most common network attacks,this paper analyzes the principle of each attack in detail and the content of the data packets obtained through bypass monitoring,designs the corresponding detection algorithms,and completes the detection of common attacks in the data link layer,network layer,transport layer and application layer.For attacks in the application layer,this paper proposes an improved Adaboost algorithm,trains the model by using the CSIC 2010 data set,and uses the trained model to detect attacks in the application layer.For abnormal user behaviors,a behavior rule base is established by defining the user's normal behavior rules,and the access behavior by the user is compared with the rules predefined in the rule base,in order to detect the abnormal behavior of the user.Finally,this paper completes the realization of the system on the basis of the design framework,and verifies the effectiveness of the system by testing.The results show that the full protocol stack Web site protection system proposed in this paper can effectively identify the common network attacks and abnormal behaviors of users.