Design And Implementation Of Web Application Firewall Based On Hidden Markov Model

With the rapid development of information technology, Web applications become an important carrier of the Internet industry, but its security problems are endless. How to protect the Web service becomes research hotspot in the field of security.Traditional security devices are basically packet-based detection, working in the transport and network layer of the OSI model, they cannot be effective protection in the application layer to the Web. In recent years, based on the application layer of Web security equipments have been in the market, but they are almost all based on the known rules library form of black and white list, checking for access to the Web server data, and can’t find potential or unknown Web attack. The Hidden Markov Model has been widely used in intrusion detection, and it can detect potential threat by machine learning. So combined with Hidden Markov Model, the study of Web application firewall has important practical significance.After studing the hidden markov model which has the function of learning machine, the thesis designes and implements a Web application firewall system. The system has the ability of machine learning, in addition to defense general attack, will also be able to find potential or unknown Web attack, and can make real-time response to protect the safety of the Web server. The research content is as follows:1. Research the Hidden Markov Model and build learning model of the system. Analyse machine learning principle of Hidden Markov Model,and the theoretical basis and the key algorithms of the model.According to different attributes of the HTTP request, the thesis builds the learning models suitable for Web application firewall system, including three different kinds of learning models, respectively processing sequence, the non-negative integers and character. The results of the learning will be the basis of a system to determine whether a Web request exceptions.2. The design and implementation of the system. Web request is preprocessing, and then three kinds of learning models by programming and testing methods to handle Web request. According to the design of the system, programming to realize the function of all the other modules.3. Test the system. The thesis tests the system function and performance. The test results show that the system under the condition of not set in black and white list of rule base,and the use of hidden markov model for machine learning can effectively defense general or potential Web attack.By this topic research, exploring the Hidden Markov Model in the Web application firewall, this system has the ability to machine learning, can detect potential or unknown Web attack, and the thesis provides domestic researchers and security equipment providers application reference value.