| As a result of rapid development of Internet and people's dependence on network, security issues become more and more severe. In recent years, as a result of great progress in the development of web applications, all kinds of web service arise. However, the attack events which aim at web application have become more and more frequent. According to the survey, most of the Internet attack events are related to web applications. Traditional security equipments, like firewall, can not work effectively since web applications'information on session and application level has not been analyzed. Besides, due to websites are open to public access as well as the diversity of websites and web applications, various attack techniques are devised. Therefore, misuse based IDS are unable to detect web application attacks effectively through update its signature incessantly.For the referred reasons, the paper firstly introduces the related concepts of intrusion detection, including architecture, misuse detection and anomaly detection. Then it studies anomaly detection techniques and gives out strongpoints and shortcoming of each type as well as the analyses present situation at home and aboard. The paper summerizes the existing techniques based on web service.On the basic of the above research, the paper puts forward a new anomaly detection algorithm which examines the web application on HTTP session level. Combined with alogrothms on length, structure, character distribution, enumeration of HTTP requests'attribute features, the system designed detects the web behaviors in multiple characters. A different framework of the web-based IDS is proposed and implemented in the paper. In this framwork, inbound and outbound traffic of web server are dupicated and mirrored to the system. Therefore, the system will fulfill the detection function without affecting the performance of the web server and reducing the quality of web services.Finally, experimens are made to verify the proposed system. The results of experments on the algorithms seperately and as a whole show the system can detect the most critical attacks efficiently. In the end, the paper summarizes the total work and gives the prospect of the future work. |
PDF Full Text Request