The Design And Implementation Of Web Application Intrusion Detection System Based On Distributed Data Mining

With the rapid development of internet,network application based on web technology and database architecture has become the mainstream and widely used in all aspects of our lives.Due to the convenience of web services,more and more people rely on it and shopping payment and other activity are carried out in the web platform.Due to remote access of web service and the exsit of a large number of loopholes in the web service program,making the means of web attacks becoming one of the most target being hacked.The frequent occurrence of web security incidents have a great impact on users and enterprises in recent years,weakening the trend of the development of web application.Therefore,it is urgent to study the web intrusion detection system with high adaptability.The traditional intrusion detection method will first model the known attack and form a regular feature database,which can be used to detect the known attacks.However,this web intrusion detection method has a high failure rate can not detect unknown attack and need to regularly update the feature database.Therefore,this paper analyzes the common web attack,extract the feature vector from the web server according to the characteristics of various attack,and use the classic algorithm K-means to make cluster analysis,mining the normal and abnormal access from the mass web log.The intrusion detection system which combining data mining not only reduces the heavy work of encoding and analysis,but also improves the adaptability of intrusion detection system.The specific work done in this paper is as follows:1.Design a new method of extracting web log featue according to the characteristics of various web attacks.2.Degisn a web application intrusion detection system based on distributed data mining.This system mainly includes the log collection,clustering analysis module and intrusion detect module.Using distributed system to collect log files and do data preprocessing according to the needs of intrusion detection.The log analysis module uses the K-means algorithm to cluster the data.3.The system was tested with the collected web log.The experimental results show that this system has better detection ability for XSS,SQL injection and CSRF attacks.