Design And Implementation Of Web Attack Detection Algorithm Based On Machine Learning

In recent years,with the rapid popularization and development of Internet technology,network security incidents have frequently occurred.It not only caused huge losses to the economic property of network users,but also had many adverse effects on network service providers.As Internet services gradually become more open and convenient,Web services-based Internet services gradually occupy a dominant position in network services.However,due to the characteristics of Web services,they are vulnerable to hackers.In the face of such a serious web security problem,how to efficiently identify web attack events and proactively perform web attack detection and protection is an important requirement in the field of network security.Traditional web attack detection methods are based on rule bases to detect known attack methods by matching keywords or rule bases.It can effectively detect existing network attack modes,but it also has great limitations.On the one hand,this method can only identify existing attack methods in the rule base and cannot detecte new attack methods,and flexible hackers can easily bypass these rules.On the other hand,the construction and maintenance of the rule base relies on security experts,which makes it too expensive to be widely used.In view of the current research and development status,this paper proposes the use of machine learning and neural networks for Web anomaly detection.The main contributions are as follows:(1)By analyzing the difference between a web attack request and a normal request,statistical analysis is performed on the parameters and special characters contained in the HTTP request field in the web log data,several statistical features are extracted for training traditional machine learning algorithms.And then,the effectiveness of these features for anomaly detection is verified by experiments,so we obtain an anomaly detection model based on traditional machine learning algorithms;(2)Aiming at the shortcomings of traditional machine learning algorithms that rely too much on artificial extraction of features and poor detection performance,this paper proposes a CNN-GRU neural network model that uses a combination of convolutional neural networks and gated recurrent units to detect web attacks.And experiments show that the detection performance of CNN-GRU model is better than traditional machine learning models;(3)In view of the fact that the current bag of words model and word vector model in the current feature engineering cannot cover the statistical characteristics,such as the parameter length and the number of characters in the HTTP request.So,this article proposes to use the statistical features extracted through statistical analysis to expand the original data to construct a Web anomaly detection model that combines statistical features with the CNN-GRU model,and experimentally verifies that the method can optimize the detection effect of the model;(4)Based on the web anomaly detection model proposed in this paper,a web anomaly detection system based on the Python-flask MVC framework is designed and implemented.This system includes six modules:data preprocessing module,model training module,anomaly detection module,attack analysis module,data storage module and visualization module.And it including the two functions:model training and anomaly detection.And we verified the function of the system through tests.