受免疫原理启发的Web攻击检测方法

随着Internet应用的不断深入,Web服务器成为了黑客的主要攻击目标。为克服传统误用入侵检测系统无法识别未知Web攻击和异常入侵检测系统误报率高等缺陷,受生物免疫系统启发,该文提出了一种基于免疫原理的Web攻击检测方法。给出了自体、非自体、抗原、抗体基因库、免疫细胞等的数学定义,描述了免疫学习算法。对比实验结果表明该方法较传统的基于神经网络和ID3算法的Web攻击检测技术能有效检测未知Web攻击,具有检测率和分类率高、误报率低和实时高效等特点,是检测Web攻击的一种有效新途径。

Immune Principles Inspired Approach to Detection of Web Attacks

Internet and Web servers become the core infrastructure for companies and institutes. Simultaneously, Web servers also become a popular target for attackers. However, misuse Intrusion Detection Systems (IDSs) are only effective in detecting known attacks and it is difficult to keep up with the daily exploitation of novel and Web-related vulnerabilities; anomaly IDSs often produce a high false alarm rate. To get over the limitations of misuse and anomaly IDSs, this paper inspired by immune principles presents a novel anomaly detection approach to detect unknown Web attacks. In our proposed approach, which is referred to the immune principles Inspired Approach to Detection of Web attacks (IADW), mathematical formulas of self, non-self, antigen, library of antibody genes, immunocyte, and etc., are given, and immune-learning algorithm is described. Experiment results show that our approach can detect unknown attacks with lower false alarm rate, missing alarm rate, and higher detection rate and identification rate than the technique based on neural network and ID3. Thus, it provides an effective novel solution to detection of Web attacks.