The Construction Of A Hybrid Intrusion Detection Model Based On Web Logs

Posted on: 2020-12-16
Degree: Master
Type: Thesis
Country: China
Candidate: Q M Cao
GTID: 2428330596467206
Subject: Software engineering
Abstract/Summary:
Web applications have drawn attention from both academia and industry because they are widely used and hold large volumes of valuable information; in particular, attacks on Web applications can cause serious data leakage and property loss. Intrusion detection is a key issue in Web security research, and Web logs have become the data source for such research because of their data integrity. Although industry offers many intrusion detection products and academia has produced a number of research results on intrusion detection, no product or technique can guarantee that it will keep performing well given the rapid development of Web attack and defense. Research on intrusion detection based on Web logs therefore was, is, and will remain a meaningful task. Traditional rule-matching methods cannot fully cope with the large number of complex, changeable Web attacks, and conventional techniques for detecting and analyzing massive Web logs are not efficient. Under these circumstances, this paper designs a hybrid intrusion detection model that combines misuse detection based on rule matching with anomaly detection using machine learning methods. The details are as follows:

(1) The application of misuse detection technology in log security research has been studied, with in-depth analysis of how the rule base for misuse detection is constructed. By analyzing the types and characteristics of common Web attacks and extracting features, an effective rule base has been constructed using regular expressions.

(2) An anomaly detection model has been constructed using a machine learning method: an anomaly detection method based on the Hidden Markov Model has been proposed, and abnormal data is identified by modeling normal log data. At the same time, a multiple classification system has been used to optimize the model and improve its detection rate.

(3) A hybrid intrusion detection model has been proposed that combines the advantages of the misuse detection method based on rule matching and the anomaly detection method based on the Hidden Markov Model. It achieves better detection performance, with a higher detection rate and a lower false positive rate.
Keywords/Search Tags:Web attacks, Web logs, misuse detection, anomaly detection, Hidden Markov Model
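
The two-stage flow the abstract describes, as an added example that is not taken from the thesis: regex rules run first, and requests that match no rule are scored by a model trained only on normal parameter values. Running the rules before the anomaly model is an assumption (the abstract does not say how the stages are combined), the rules, sample values and threshold margin are constructed, and a first-order Markov chain over character classes stands in for the thesis's Hidden Markov Model.

```python
import math
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Stage 1, misuse detection: constructed signatures, not the thesis's rule base.
RULES = {
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+"),
    "xss": re.compile(r"(?i)<script\b|\bon\w+\s*="),
    "traversal": re.compile(r"\.\./|\.\.\\"),
}
ALPHA, CLASSES = 0.1, 4  # smoothing constant; possible next symbols: A, N, S, $

def symbols(value):
    """Generalise a parameter value: letter -> A, digit -> N, anything else -> S."""
    body = ["A" if c.isalpha() else "N" if c.isdigit() else "S" for c in value]
    return ["^"] + body + ["$"]

class MarkovModel:
    """Stage 2, anomaly detection: transition model learned from normal values only."""
    def __init__(self, normal_values, margin=1.5):
        self.counts = defaultdict(Counter)
        for value in normal_values:
            seq = symbols(value)
            for a, b in zip(seq, seq[1:]):
                self.counts[a][b] += 1
        # Assumed threshold: a margin above the least likely training value.
        self.threshold = margin * max(self.score(v) for v in normal_values)

    def score(self, value):
        """Average negative log-likelihood per transition; higher is more unusual."""
        seq = symbols(value)
        nll = 0.0
        for a, b in zip(seq, seq[1:]):
            row = self.counts.get(a, Counter())
            nll -= math.log((row[b] + ALPHA) / (sum(row.values()) + ALPHA * CLASSES))
        return nll / (len(seq) - 1)

def classify(request_line, model):
    """Rules first; requests that match no rule fall through to the anomaly model."""
    raw = request_line.split()[1]  # request target of 'GET /path?x=1 HTTP/1.1'
    decoded = unquote_plus(raw)
    for name, rule in RULES.items():
        if rule.search(decoded):
            return "misuse:" + name
    for _, value in parse_qsl(urlsplit(raw).query):
        if model.score(value) > model.threshold:
            return "anomaly"
    return "normal"

NORMAL = ["1", "42", "1007", "alice", "bob", "shoes", "item42", "red-shoes"]  # constructed
MODEL = MarkovModel(NORMAL)
```
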