Design And Implementation Of WEB Application Firewall Based On Hidden Markov Model

With the deepening of social informationization and the rapid development of Internet,web application become an important carrier of the current Internet industry.However,security risks are endless.How to protect web applications from attacks becomes a research hotspot in the field of security.Most of the traditional security devices are basically packet-based detection,which mainly working in the network layer and transport layer of the OSI model,they cannot effectively protect the web server in the application layer.In recent years,web security devices which based on the application layer have emerged in the market,but most of them are based on the rules library of black lists and white lists,which single detection method cannot defence unknown web attacks.In response to these problems,this thesis proposes a web application firewall based on Hidden Markov Model.The main work is as follows:First,a self-learning algorithm based on Hidden Markov Model is proposed to extract the characteristics of normal data from multiple dimensions,train the learning model and generate anomaly threshold.Aiming at the problem that the anomaly detection model is easy to fall into a recession period,a model retraining mechanism is proposed.In the specific case,the retraining mechanism is triggered to ensure the timeliness of the model and realize self-learning of the model.Using the HTTP CSIC2010 dataset,the proposed algorithm is compared with the traditional Hidden Markov anomaly detection algorithm and the deep learning-based anomaly detection algorithm.The experimental results show that the proposed self-learning algorithm based on Hidden Markov Model improves the detection accuracy while guaranteeing the detection efficiency.Considering the model detection performance and practical application scenarios,the proposed algorithm is more suitable for anomaly detection in web application firewall.Secondly,in view of the problems existing in the current web application firewall,the requirements of the system are determined,which mainly include functional requirements and non-functional requirements.According to the database design principle,the conceptual structure design and physical structure design of the system are carried out.Starting from the system functional requirements and non-functional requirements,the web application firewall integrating the Hidden Markov self-learning module is realized,which mainly includes: data preprocessing module,self-learning module based on Hidden Markov Model,rule library module,system detection module,system response module and log module.Finally,building a test environment to test the functional and non-functional requirements of the system.The test results show that the interface of the system is simple and beautiful,the function meets the system requirements,the performance is stable and reliable,and the system has a high detection rate and a low false positive rate,which can effectively protect the security of the web application.