Research On Malicious HTTP Request Detection Based On Machine Learning

With the rapid development of the computer and Internet techniques,Web applications become more and more important to human life.While enjoying the convenience brought by the Web application,people have to face increasingly serious network security problems.However,the accuracy of traditional Web attack detection methods is not satisfactory,and the detection ability of unknown attacks is poor.In order to face the cunning attackers and increasingly powerful attack methods,we need more effective and novel detection systems.At present,machine learning is one of the important methods to build Web attack detection models.Compared with traditional models,these models have achieved better detection results,but their detection accuracy of malicious attacks are not ideal.Therefore,this thesis analysis the traditional machine learning algorithms and make a couple of changes to make them suitable for the task of web application attack detection.This thesis completes Web attack detection by analyzing the content of HTTP request.The research mainly includes two aspects: data preprocessing and detection models.On the one hand,data preprocessing usually converts the original HTTP request into vector or matrix.Through analyzing the existing data preprocessing methods,a weight calculation method for malicious attack words is proposed,which can make the malicious information in the weight vector feature representation of malicious requests more obvious.On the other hand,through analyzing the existing web attack detection model based on long short-term memory network(LSTM network),Bi-LSTM-AP model is proposed,which can extract more comprehensive imformation from HTTP request and get a better detection accuracy compare to traditional LSTM network.In addition,in order to improve the stability of the detection system,a hybrid model is proposed,which has better detection and generalization ability compare to single models.Specifically,our article makes the following contributions:1.The existing HTTP request data preprocessing methods are studied.By analyzing the characteristics of HTTP request data and TF-IDF algorithm,a weight calculation method for malicious attack words is proposed.The basic idea is that in the process of obtaining the weight vector feature representation of HTTP requests,the words that are common in abnormal requests and not common in abnormal requests are converted into the same word to calculate the weight,so as to improve the weight of keywords for constructing malicious requests.After the transformation,the malicious information in the weight vector of malicious requests is more obvious,which makes the detection system more sensitive to malicious requests.2.The malicious HTTP request detection method based on deep learning is studied.Aiming at the shortcomings of detection system based on LSTM network,Bi-LSTM-AP model is proposed.The model extracts information from the output of LSTM network through attention mechanism and maximum pooling,so as to obtain more comprehensive semantic features of HTTP requests.The experimental results show that the model has better detection ability than the conventional LSTM network.3.In order to improve the stability of the detection system,a hybrid decision model is proposed.The model integrates the decision results of the two detection models as the final decision results of the system,so that the system can detect malicious requests from two different angles.The experiment results demonstrate the system is competitive in Web application attack detection compare to two single models.In particular,the hybrid model still has good detection ability for unknown attacks.