Abstract

The current network traffic is large, and the network attacks have multiple types. Therefore, anomaly detection model combined with machine learning is developing rapidly. Frequent occurrences of Web Application Firewall (WAF) bypass attacks and the redundancy of the data characteristics in Hypertext Transfer Protocol (HTTP) protocol make it difficult to extract data characteristics. In this paper, an integrated web intrusion detection system combined with feature analysis and support vector machine (SVM) optimization is proposed. By using expert’s knowledge, the characteristics of the common Web attacks are analyzed. The related data characteristics are selected by the analysis of the HTTP protocol. In the classification learning, the mature and robust support vector machine algorithm is utilized and the grid search method is used for the parameter optimization. Consequently, a better detection capability on Web attacks can be obtained. By using the HTTP DATASET CSIC 2010 data set, experiments have been carried out to compare the detection capability of different kernel functions. The results show that the proposed system performs good in the detection capability and can detect the WAF bypass attacks effectively.

中文翻译：

---

结合特征分析和SVM优化的Web入侵检测系统

摘要

当前的网络流量很大，网络攻击有多种类型。因此，结合机器学习的异常检测模型正在迅速发展。Web应用程序防火墙（WAF）旁路攻击的频繁发生以及超文本传输​​协议（HTTP）协议中数据特征的冗余性使得提取数据特征变得困难。本文提出了一种结合特征分析和支持向量机（SVM）优化的集成Web入侵检测系统。利用专家的知识，分析常见Web攻击的特征。通过分析HTTP协议选择相关的数据特征。在分类学习中 利用成熟鲁棒的支持向量机算法，并采用网格搜索法进行参数优化。因此，可以获得更好的Web攻击检测能力。通过使用HTTP DATASET CSIC 2010数据集，已进行实验以比较不同内核功能的检测能力。结果表明，所提出的系统具有良好的检测能力，可以有效地检测到WAF旁路攻击。