Journal of Software:2007.18(4):967-977

Anomaly Detection Based on Web Users' Browsing Behaviors
XIE Yi, YU Shun-Zheng
(Department of Electronics and Communication Engineering, Sun Yat-sen University, Guangzhou, Guangdong 510275)
Received: September 26, 2005    Revised: April 03, 2006
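> Chinese abstract: An anomaly detection scheme based on Web users' access behavior is proposed for detecting distributed denial-of-service attacks at the application layer, and an applied study is carried out using a large event website with non-stationary traffic characteristics as an example. Based on the hyperlink characteristics of Web pages and the effect that Web proxies at each level of the network have on responses to user requests, a hidden semi-Markov model is used to describe the access behavior of normal Web users as observed at the server, and the deviation from the access behavior characteristics of the majority of normal users is used as the measure of how anomalous a flow is. A parameterization method for the model is given, the model parameter estimation and anomaly detection algorithms are derived, and ways of implementing the anomaly detection system in a real network environment are discussed. Finally, real data are used to verify the effectiveness of the model and the detection algorithm. Simulation results show that the model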
Abstract: This paper proposes an anomaly detection scheme based on Web user access behavior for defense against application layer Distributed Denial-of-Service (DDoS) attacks. Based on the hyperlink characteristics of Web pages and the HTTP responding effect of different proxies in the Internet, this paper uses a hidden semi-Markov model (HsMM) to describe the Web user browsing behavior observed at the Web server, and employs the likelihood that the observation sequence of a user's browsing behavior fits the model as a measure of the user's normality. A parameterized model and its recursive formulae are derived, and an on-line anomaly detection approach is introduced. Some issues involved in practical implementations of the model and the anomaly detection approach are discussed. Finally, an experiment is conducted to validate the model and the algorithm, based on a set of data collected from a heavily loaded Web server and an emulated DDoS attack that launches HTTP flooding against the Web site. The experimental results show that the model is effective in measuring user behaviors and in detecting application layer DDoS attacks.
Foundation items: Supported by the National Natural Science Foundation of China under Grant No.90304011; the Natural Science Foundation of Guangdong Province of China under Grant No.04009747; the Research Fund for the Doctoral Program of Higher Education of China under Grant No.20040558043
Reference text:

XIE Yi, YU Shun-Zheng. Anomaly Detection Based on Web Users' Browsing Behaviors. Journal of Software, 2007, 18(4): 967-977