Automatic Identification for Abnormal HTTP Behavior Based upon RBF Neural Network

doi:10.3969/j.issn.1671-1122.2014.12.004

Abstract

Abstract: With the rapid development of Internet and the fast growth in the amount of users, the number of kinds of attacks against network services is increasing. At present, most of the network protection measures aim at attacks which take place in network layer or transport layer, there is almost no protection measure that aims at attacks which take place in application layer.On the other hand, more and more attacks which aim at Web service occur in application layer. This paper proposes an automatic identification algorithm, which could identifies abnormal HTTP behaviors based on RBF neural network. Firstly, the normal HTTP behaviors and the abnormal HTTP behaviors are simulated. Secondly, by analyzing the content of packets acquired in the Web communication process, combining with related information of packet header, records of HTTP behaviors are extracted. A lot of simulation experiments are conducted to generate enough records of normal and abnormal HTTP behaviors, these records are used to train RBF neural network. The well-trained neural network is used to identify abnormal HTTP behaviors from all HTTP behaviors automatically, then these abnormal HTTP behaviors are stored to database.

Key words: HTTP behavior, packet, radial basis function (RBF), neural network, abnormal behavior automatic identification

CLC Number:

TP309

WANG Jing-zhong, XU You-qiang. Automatic Identification for Abnormal HTTP Behavior Based upon RBF Neural Network[J]. 信息网络安全, 2014, 14(12): 16-20.

References

[1] 翟钰,武舒凡,胡建武. 防火墙包过滤技术发展研究[J]. 计算机应用研究,2004,（9）：144-145.
[2] 张兴东,胡华平,况晓辉,等. 防火墙与入侵检测系统联动的研究与实现[J]. 计算机工程与科学,2004,26（4）：23-26.
[3] 李凤华,苏铓,史国振,等. 访问控制模型研究进展及发展趋势[J]. 电子学报,2012,40（4）：805-813.
[4] 王小明,付红,张立臣. 基于属性的访问控制研究进展[J]. 电子学报,2010,38（7）：1660-1667.
[5] KARLOF C, WAGNER D. Secure routing in wireless sensor networks: Attacks and countermeasures[C]//Proceedings of the first IEEE international workshop on sensor network protocols and applications. ANCHORAGE, AK, 2003:113-127.
[6] 王朔,贾翔宇,林强. 基于可信度的无线传感器网络安全路由算法[J]. 通信学报,2008,299（11）：105-112.
[7] LIAO HUNG-JEN, LIN CHUN-HUNG RICHARD, LIN YING-CHIH. Intrusion detection system: A comprehensive review[J]. Journal of network and computer applications. 2013, 36(1): 16-24.
[8] 卿斯汉,蒋建春,马恒太,等. 入侵检测技术研究综述[J]. 通信学报,2004,25（7）：19-29.
[9] RANJAN S, SWAMINATHAN R, UYSAL M, et al. DDoS-resilient scheduling to counter application layer attacks under imperfect detection [C]//Proc of the 25th IEEE Int Conf on Computer Communications. Piscataway, NJ: IEEE, 2006:1-13.
[10] LAI JY, WU JS, CHEN SJ, et al. Designing a taxonomy of Web attacks [C]//Proc of the 3rd Int Conf on Convergence and Hybrid Information Technology. Piscataway, NJ:IEEE, 2008: 278-282.
[11] 温凯,郭帆,余敏. 自适应的Web攻击异常检测方法[J]. 计算机应用,2012,32(7)：2003-2006.
[12] 王竞超,刘光耀. 基于Ajax的Web攻击及防御方法[J]. 计算机与现代化,2012,(12)：119-122.
[13] 李一. 网络行为：一个网络社会学概念的简要分析[J]. 兰州大学学报,2006,（9）:19-21.
[14] 张爽. 论互联网犯罪[J]. 黑龙江科技信息,2008,(4):18-20.
[15] 何炎祥. 低速率拒绝服务攻击研究综述[J]. 计算机科学与探索,2008,(1):1-19.
[16] 王进,阳小龙,隆克平. 基于大偏差统计模型的Http-Flood DDoS检测机制及性能分析[J]. 软件学报,2012,23(5)：1272-1280.
[17] 陈明. MATLAB神经网络原理与实例精解[M]. 北京：清华大学出版社,2013.
[18] 杨淑莹. 模式识别与智能计算:MATLAB技术实现[M]. 2版. 北京：电子工业出版社,2011.