
Risk Analysis Of Web Attack Based On Domain Knowledge And Threat Intelligence

Posted on: 2019-06-05  Degree: Master  Type: Thesis
Country: China  Candidate: P C Wang  Full Text: PDF
GTID: 2428330611493396  Subject: Army commanding learn
Abstract/Summary:
The rapid development of information technology has brought great convenience to the public's lives, while the accompanying security problems do great harm to the social economy and public privacy. Cyberspace security has been receiving more and more attention from society. As attacks move up from the network layer to the web application layer, attack methods become more and more sophisticated, and it is increasingly important to analyze the risk of an information system suffering from web attacks. Most existing risk analysis work mainly considers the vulnerability of the information system, while the situation of external attacks on the system is usually neglected. The related products are protected only by simple rules, which appear weak in the face of various attacks. Besides, the use of threat intelligence, which can provide information about potential attacks, is also lacking. In addition, new vulnerabilities whose threat level has not yet been evaluated are usually treated only qualitatively, or not considered at all, in existing analysis, so it is difficult to use them for quantitative risk analysis.

This paper summarizes the construction of attack detection models, the analysis of vulnerabilities and the commonly used risk analysis methods, and proposes a web attack risk analysis method based on domain knowledge and threat intelligence. On the one hand, this method establishes an attack detection model based on ensemble learning to detect external attacks; on the other hand, it uses text mining to predict the threat level of new vulnerabilities, and incorporates the acquired attack detection situation and vulnerability threat level into the final risk analysis by using the improved TOPSIS (Technique for Order Preference by Similarity to an Ideal Solution) method.

In the attack detection model learned by ensemble learning, we first create an ontology based on domain knowledge that indicates the attack features, and use it as the knowledge base to extract the characteristics of the attack, creating an ensemble Bayesian network model whose individual Bayesian networks are constructed by Bayesian structure learning to detect external attacks. Then we utilize threat intelligence to improve the performance of the attack detection model. In addition, we propose a node importance sorting algorithm which can provide good explanations for the detection results. The attack detection model is evaluated on a real XSS (Cross Site Scripting) attack dataset and achieves good results.

In the vulnerability assessment with text mining, we use text mining methods to obtain features from vulnerability descriptions in an open-source vulnerability database, then apply the PCA (Principal Component Analysis) method to extract information from the sparse features, which helps us acquire potential knowledge from sparse features. We finally use XGBoost (eXtreme Gradient Boosting) to classify a vulnerability's threat level. The experiment on an XSS vulnerability dataset collected from NVD (National Vulnerability Database) proves the effectiveness of our method.

In the web attack risk analysis, we combine the attack detection method and the vulnerability threat level prediction method proposed in this paper. A quantitative depiction of an information system is given from its own operation and maintenance, its own vulnerability situation and the external attack situation; then we use an improved analysis method which combines PCA and TOPSIS to reduce the subjectivity of the traditional TOPSIS method in weight setting. Finally, we quantify the difference of two pairs (the analyzed information system to the acceptable object, and the analyzed information system to the ideal object) to get one score that represents the situation of the analyzed system. At the same time, a prototype system that combines everything in this paper is developed using the Flask framework, which has good application value.
Keywords/Search Tags: Domain Knowledge, Threat Intelligence, Web Attack Detection, Text Mining, Risk Analysis