Web attack forensics based on network traffic behavior characteristics and URLs

With the continuous development of Internet technology, the Internet has penetrated every aspect of people's lives, and the importance of the network has increased accordingly. Network attack techniques are becoming increasingly complex and diverse. Many network applications suffer from various network attacks and security threats, and network security problems are becoming more and more serious, which imposes new requirements on Web attack forensics. We propose a new Web attack forensics method that combines network traffic characteristics with URLs. Our method achieved satisfactory results on the test data set.
