摘要
针对Web应用攻击方式繁多、传统Web应用防火墙黑名单规则库过于复杂的问题,提出一种新的Web应用防火墙的自学习模型,采用先收集、整理和归纳网页参数特征,再与用户提交数据进行规则匹配的方法,实现对Web应用的安全防护.自学习模型将Web页面参数分为类型固定参数、枚举参数和用户输入参数三类,由初始学习模块和持续学习模块组成,前者由合理样本数据建立初始规则库,后者根据用户近一段时间的输入数据持续学习网页特点,扩充用户合法行为模式,以适应用户需求变化和Web应用更新.本模型采用异常流量统计和数据包相似性分析的综合方法应对针对学习过程的攻击,进行有选择性的学习.实验结果表明此自学习模型具有良好的安全防护能力和学习能力.
This paper presents a new model of learning WAF ( Web Application Firewall ) to solve the problem of various attacks and the complexity of black list. By collecting, summarizing and inducting the characteristics of web parameters, and then matching the user input with it, the model could ensure the security of Web applications. This model classifies the Web page parameters as fixed- type parameter, enumeration parameter and user-input parameter, and has two modules, initial learning module and continuous learn- ing module. The first one creates initial rule base according to the reasonable user input sample, then the latter one could continuously learn the characteristics of Web page based on the recently user input data, in order to adapt to application updates and the change of user needs. The model also introduces a comprehensive method of exceptional data flow statistic and the analysis of data similarity to learn selectively to resist the attacks which target the learning process. Experimental results has indicated that the new learning WAF has a great ability of protecting the security and learning.
出处
《小型微型计算机系统》
CSCD
北大核心
2014年第3期483-487,共5页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(61202434
61170270
61121061)资助
中央高校基本科研业务费专项(2011RC0505
2011RCZJ15
2012RC0612
2011YB01)资助
