
Research On Anomaly Detection Based On HTTP Data

Posted on: 2020-01-13
Degree: Master
Type: Thesis
Country: China
Candidate: Y F An
Full Text: PDF
GTID: 2428330590478663
Subject: Computer technology
Abstract/Summary:
Since the start of the 21st century, network technology has developed rapidly, and people's work and daily life depend increasingly on the network. With the popularity of the Internet, security issues have become more and more serious, and an endless stream of attacks has seriously threatened people's Internet security and property. Traditional network security technologies can no longer meet people's needs. Intrusion detection technology actively protects network and system security by monitoring abnormal traffic and suspicious activity in the system, and it has become a main research direction for network security researchers. With the extensive use of the HTTP protocol, a large number of real intrusions are carried in HTTP request data, and anomaly detection on HTTP data has received more and more attention from researchers. In this thesis, we carefully analyze the common attacks in the network, summarize the characteristics of the related attacks, and propose three new abnormal HTTP data detection schemes for the three main attacks occurring in HTTP data. The main research contents of the thesis are as follows:

First, for C&C attacks we propose a new C&C (Command & Control Server) traffic detection scheme. In this scheme, we borrow ideas from image processing to convert traffic into images, and use a generative adversarial network to find the C&C traffic and protect host security. To keep useless HTTP traffic data from making the converted images more complicated, we propose a 3-point pre-processing rule, through which we can simplify the traffic and remove redundant features.

Secondly, for virus attacks we propose a new compromised-host detection scheme based on abnormal traffic. This scheme detects whether a host is compromised by comparing the similarity between the URLs in the host's request traffic and the URLs in virus traffic. In the scheme, we propose a new feature extraction method based on the Net2Vec idea. With this method and a bidirectional long short-term memory (BiLSTM) network, we build the detection model. The experimental results show that the proposed feature extraction method works well, and that the scheme is competitive with other detection schemes.

Thirdly, for virus attacks we propose a new abnormal traffic detection method. This method combines supervised learning and unsupervised learning for joint monitoring. During the detection process, we inspect the data in the field and store the resulting anomaly detection results to strengthen the defense capability of the firewall. The method has continuous learning capabilities and can keep discovering new anomalies as it continues to run. The experimental results show that the method has good detection capability and is competitive in accuracy.
Keywords/Search Tags: HTTP data, anomaly detection, abnormal traffic, compromised host, joint detection