
Research On WEB Log Based Intrusion Detection Algorithm

Posted on: 2019-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Gao
GTID: 2348330545958446
Subject: Software engineering

Abstract/Summary:
Security incidents have occurred frequently in recent years, causing great social impact and economic losses, so detecting cyber attacks is an important problem. Administrators usually rely on firewalls to protect web applications from cyber attacks. However, most firewalls and intrusion detection systems on the market are based on expert rule systems, which makes it hard for them to block new attacks. Updating a system can also be troublesome for administrators because of compatibility or other issues, so they are often unwilling to update, and many malicious users successfully attack non-updated systems. To solve the problem that such systems cannot protect against newly invented attacks, this paper presents a new method based on users’ behaviors. The algorithm first analyzes user access logs and builds a user behavior model based on information entropy. It then uses the k-means algorithm to classify users’ behaviors and judge whether each user is normal or malicious. The algorithm has a higher detection rate and a lower false alarm rate, and it also performs well. Based on this algorithm, an adaptive web application firewall system is implemented. The system is based on a reverse proxy and has a web user interface for managing the security of web resources. A security module in the reverse proxy detects intrusions. The system collects users’ access logs to generate new rules that let the security module detect newly invented attacks. The system has been tested on an online experimental network that hosts some campus websites. The results demonstrate that the algorithm can solve the problem of detecting newly invented attacks and that the system performs well in protecting the security of most websites.
Keywords/Search Tags: intrusion detection, firewall, users’ behaviors, reverse proxy
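
The pipeline the abstract outlines (access logs, an entropy-based behavior model, k-means grouping), sketched as an added example that is not code from the thesis. The abstract does not name its features, so the two used here (entropy of requested paths and of status codes per client), the Common Log Format input, k=2 and all function names are assumptions, and the log lines are constructed.

```python
import math
import re
from collections import Counter, defaultdict

# Common Log Format: client, identity, user, [time], "METHOD path proto", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def entropy(items):
    """Shannon entropy in bits of the empirical distribution of items."""
    counts, n = Counter(items), len(items)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def features(lines):
    """Map client -> (entropy of requested paths, entropy of status codes)."""
    per_client = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # malformed lines are skipped, not guessed at
            per_client[m.group(1)].append((m.group(3), m.group(4)))
    return {c: (entropy([p for p, _ in reqs]), entropy([s for _, s in reqs]))
            for c, reqs in per_client.items()}

def kmeans2(vecs, iters=20):
    """k-means with k=2, seeded deterministically with the smallest and largest vector."""
    cents = [min(vecs.values()), max(vecs.values())]
    labels = {}
    for _ in range(iters):
        labels = {c: min((0, 1), key=lambda j: math.dist(v, cents[j]))
                  for c, v in vecs.items()}
        for j in (0, 1):
            members = [vecs[c] for c, lab in labels.items() if lab == j]
            if members:  # keep the old centroid if a cluster empties
                cents[j] = tuple(sum(x) / len(members) for x in zip(*members))
    return labels

def _line(client, path, status):
    return f'{client} - - [27/Apr/2019:10:00:00 +0800] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample: three clients browsing a few pages, one requesting many distinct paths.
SAMPLE = (
    [_line("192.0.2.1", p, 200) for p in ["/", "/news", "/", "/news", "/about", "/"]]
    + [_line("192.0.2.2", p, 200) for p in ["/", "/", "/news", "/", "/contact", "/news"]]
    + [_line("192.0.2.3", p, 200) for p in ["/", "/about", "/", "/about"]]
    + [_line("198.51.100.9", f"/p{i}", (404, 403, 200, 500)[i % 4]) for i in range(16)]
)

if __name__ == "__main__":
    vecs = features(SAMPLE)
    for client, label in sorted(kmeans2(vecs).items()):
        print(client, vecs[client], "cluster", label)
```

k-means only separates the clients into groups; deciding which cluster counts as malicious is a separate step that this sketch leaves to the analyst.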