
Web Anomaly Intrusion Detection Based On Frequent Closed Episode Rules

Posted on: 2018-12-25
Degree: Master
Type: Thesis
Country: China
Candidate: L Wang
Full Text: PDF
GTID: 2348330512984590
Subject: Computer Science and Technology
Abstract/Summary:
As Web services spread around the world, new threats are increasing. In recent years, Web attacks such as SQL injection and site scanning have occurred frequently, and Web security issues have caused widespread concern and discussion. Web access logs contain a lot of valuable information. Mining that information from Web access logs makes it possible not only to detect intrusions, but also to understand the attack process, find security vulnerabilities, and take corresponding preventive measures. However, handling these data manually is time-consuming and inefficient. Some existing sequential pattern mining algorithms, such as the CloSpan algorithm, suffer from low efficiency, and the PrefixSpan algorithm generates redundant frequent episodes. It is therefore necessary to design an efficient sequential pattern mining algorithm that reduces redundant frequent episodes. The traditional misuse intrusion detection method cannot provide enough protection for Web services, because it can only recognize previously known attacks and cannot recognize new, unknown attacks. Based on the above analysis, we design a Web anomaly intrusion detection method that uses a frequent closed episode rules mining algorithm to analyze Web access logs. The algorithm mines the frequent closed episode rules in parallel on Spark, so it can process massive Web access logs quickly. It also removes the rules that are redundant for Web anomaly detection, which improves matching efficiency. We then design a grouping scheme to improve the parallel efficiency of the algorithm. Finally, we use SQLMAP and WebCruiser to simulate some Web attacks and obtain the simulation data. The experimental results show that, for detecting abnormal users, the detection rate and false alarm rate are 96.67% and 3.33%, respectively. The reduction of redundant rules greatly improves the matching efficiency. In addition, our algorithm outperforms other pattern mining algorithms.
Keywords/Search Tags:Web access logs, frequent closed episode rules, Web anomaly intrusion detection, Spark