Disclosure of Invention
According to the method and the device for carrying out fuzzy detection analysis on the security of the WEB server, which are provided by the embodiment of the invention, the problem of low security of the WEB server is solved.
The method for carrying out fuzzy detection analysis on the security of the WEB server, provided by the embodiment of the invention, comprises the following steps:
pre-judging whether the user request message is abnormal or not by analyzing the user request message during the service execution period;
if the pre-judging result is that the user request message is abnormal, acquiring a weight matrix and a judgment matrix of the action matrix corresponding to the service;
and performing fuzzy operation by using the weight matrix and the judgment matrix of the action matrix corresponding to the service, and determining the safety of the WEB server according to the fuzzy operation result.
Preferably, pre-judging whether the user request message is abnormal by analyzing the user request message during service execution includes:
pre-judging whether the user request message is abnormal by analyzing the fluctuation in the number of user request messages per unit time during service execution.
Preferably, pre-judging whether the user request message is abnormal by analyzing the user request message during service execution includes:
determining the execution sequence of the service actions requested by the user by analyzing the user request message during service execution, and pre-judging whether the user request message is abnormal according to the execution sequence.
Preferably, performing the fuzzy operation by using the weight matrix and the evaluation matrix of the action matrix corresponding to the service, and determining the security of the WEB server according to the result of the fuzzy operation, includes:
performing the fuzzy operation on the weight matrix and the evaluation matrix of the action matrix corresponding to the service to obtain a security matrix for the case where the service actions in that action matrix are executed in time sequence, and determining, according to the security matrix, the security when the service actions are executed in time sequence.
Preferably, the action matrix is formed by one or more sets of service actions performed in time sequence for the service.
Preferably, the weight matrix is formed by weights corresponding to each service action in the action matrix, and is determined by the following steps:
determining an initial weight matrix according to a service action execution sequence and an action dependency relationship set in a service development period, and adjusting the initial weight matrix by using a fuzzy operation result in the service execution period.
Preferably, the evaluation matrix is formed by the values of the membership degrees of the service actions of the services to different security evaluation indexes.
According to the storage medium provided by the embodiment of the invention, the program for implementing the method for carrying out the fuzzy detection analysis on the security of the WEB server is stored.
The device for carrying out fuzzy detection analysis on the security of the WEB server provided by the embodiment of the invention comprises:
the pre-judging module is used for pre-judging whether the user request message is abnormal or not by analyzing the user request message during the service execution period;
the obtaining module is used for obtaining a weight matrix and a judgment matrix of the action matrix corresponding to the service when the prejudgment result is that the user request message is abnormal;
and the processing module is used for performing fuzzy operation by using the weight matrix and the judgment matrix of the action matrix corresponding to the service, and determining the safety of the WEB server according to the fuzzy operation result.
Preferably, the pre-judging module pre-judges whether there is an abnormality of the user request message by analyzing the fluctuation of the number of the user request messages in unit time during service execution, or determines an execution sequence of a corresponding service action requested by the user by analyzing the user request messages during service execution, and pre-judges whether there is an abnormality of the user request message according to the execution sequence.
Preferably, the processing module performs fuzzy operation on the weight matrix and the evaluation matrix of the corresponding action matrix of the service to obtain a security matrix when the service action in the corresponding action matrix is executed according to a time sequence, and determines security when the service action is executed according to the time sequence according to the security matrix.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the embodiment of the invention carries out WEB server security detection and analysis based on user behaviors, can prevent abnormal behaviors such as malicious orders and the like, and improves the WEB server security.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings, and it should be understood that the preferred embodiments described below are only for the purpose of illustrating and explaining the present invention, and are not to be construed as limiting the present invention.
Fig. 1 is a flowchart of a method for performing fuzzy detection analysis on security of a WEB server according to an embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
Step S101: Pre-judge whether the user request message is abnormal by analyzing the user request message during service execution.
Whether the user request messages are abnormal may be pre-judged by analyzing the fluctuation in the number of user request messages per unit time during service execution. For example, a period may be set; if the number of user request messages received in historical periods is substantially stable, and the number received in the current period is much larger than the number received in the historical periods, an extreme point appears on the data curve. This indicates that the data is fluctuating abnormally and that the user request messages may be abnormal.
Alternatively, the execution sequence of the service actions requested by the user is determined by analyzing the user request messages during service execution, and whether the user request messages are abnormal is pre-judged according to that sequence. For example, service action 2 should be executed after service action 1, but analysis of the user request messages shows that service action 2 is frequently executed before service action 1, which indicates that the user request messages may be abnormal.
Step S102: If the pre-judgment result indicates that the user request message is abnormal, acquire the weight matrix and the judgment matrix of the action matrix corresponding to the service.
The action matrix is formed by one or more groups of service actions of the service executed in time sequence. For example, if account opening, browsing, querying and account canceling are executed in time sequence, they form an action matrix consisting of the service actions account opening, browsing, querying and account canceling.
The weight matrix is composed of the weights corresponding to the business actions in the action matrix, and is determined through the following steps. First, an initial weight matrix is determined according to the business action execution sequence and action dependency relationships set during business development. Second, the result of the fuzzy operation using the initial weight matrix may be inconsistent with the actual security of the WEB server; that is, when the fuzzy operation using the initial weight matrix indicates a security problem but no security problem is actually found, the initial weight matrix is shown to be inaccurate and needs to be adjusted.
The evaluation matrix is composed of the membership degree values of the service action of the service to different safety evaluation indexes. Specifically, a plurality of safety evaluation indexes can be set as required, and then the membership degree of the business action to different safety evaluation indexes is determined according to the historical data of the business action.
Step S103: Perform the fuzzy operation by using the weight matrix and the judgment matrix of the action matrix corresponding to the service, and determine the security of the WEB server according to the fuzzy operation result.
The fuzzy operation is performed on the weight matrix and the judgment matrix of the action matrix corresponding to the service to obtain a security matrix for the case where the service actions in that action matrix are executed in time sequence, and the security when the service actions are executed in time sequence is determined according to the security matrix. That is, the security matrix is composed of the membership degree values of the action sequence with respect to the different security evaluation indexes.
It will be understood by those skilled in the art that all or part of the steps in the method according to the above embodiments may be implemented by a program, which may be stored in a computer-readable storage medium, and includes steps S101 to S103 when the program is executed. The storage medium may be ROM/RAM, magnetic disk, optical disk, etc.
Fig. 2 is a block diagram of an apparatus for performing fuzzy detection analysis on security of a WEB server according to an embodiment of the present invention, as shown in fig. 2, including:
The prejudging module is used for pre-judging whether the user request message is abnormal by analyzing the user request message during service execution.
The obtaining module is used for obtaining the weight matrix and the judgment matrix of the action matrix corresponding to the service when the pre-judgment result is that the user request message is abnormal. The action matrix is composed of one or more groups of service actions of the service executed in time sequence. The weight matrix is composed of the weights corresponding to the business actions in the action matrix, and is determined by the following steps: determining an initial weight matrix according to the service action execution sequence and action dependency relationships set during service development, and adjusting the initial weight matrix by using the fuzzy operation results during service execution. The evaluation matrix is composed of the membership degree values of the service actions of the service with respect to different security evaluation indexes.
The processing module is used for performing the fuzzy operation by using the weight matrix and the judgment matrix of the action matrix corresponding to the service, and determining the security of the WEB server according to the fuzzy operation result.
The working steps of the device are as follows. The prejudging module makes a preliminary judgment of whether the user request messages are abnormal by analyzing the fluctuation in the number of user request messages per unit time during service execution, or the execution sequence of the service actions requested by the user. If an abnormality exists, the corresponding weight matrix and evaluation matrix are called to perform the fuzzy operation, yielding a security matrix for the case where the business actions in the corresponding action matrix are executed in time sequence, and the security when the business actions are executed in time sequence is determined according to the security matrix. If the security is low, that is, the security risk is high, an abnormality is highly likely and a security warning needs to be issued. Since the operation result may be inconsistent with the actual situation, the weight matrix needs to be adjusted in a self-learning manner until the result of the fuzzy operation using the adjusted weight matrix is consistent with the actual situation.
Fig. 3 is a schematic structural diagram of a system module for performing fuzzy detection analysis on security of a WEB server according to an embodiment of the present invention, and as shown in fig. 3, the system includes an apparatus for performing fuzzy detection analysis on security of a WEB server, where the apparatus includes an extremum detection module (for implementing a function of the prejudging module in fig. 2), a weight setting module, a multiple fuzzy operation module (for implementing a function of the acquiring module in fig. 2 and a fuzzy operation function of the processing module in fig. 2), and a state judgment module (for implementing a function of determining security of the processing module in fig. 2).
Extreme value detection module: detects requests with extreme characteristics among the request messages; specifically, it identifies abnormal inflection points or abnormal data fluctuations that occur when business actions are executed during system operation, such as a sudden increase in the number of request messages.
Weight setting module: sets the initial rules and the weight matrix according to the application or service characteristics, for use in the fuzzy calculation.
Multiple fuzzy operation module: performs the fuzzy calculation for a service whose operation may be abnormal.
State determination module: receives the fuzzy calculation result and obtains a final state, which is used for alarming or recovery.
The information processing steps of the device of the embodiment of the invention comprise:
Step A, the weight setting module is defined in the service function development stage: when developing a function, the service developer defines m service key actions (namely service actions) according to their execution order and the related dependency relationships, forming a one-dimensional action matrix R containing m elements.
Step B, a plurality of action matrixes can be set for the functional module with complex business logic, and meanwhile, the functional module can be divided into a plurality of levels according to the atomization degree of the action, namely, the functional module can be expressed as a multi-dimensional action matrix or a plurality of one-dimensional action matrices;
Step C, the service developer then draws up a one-dimensional matrix V containing n comments for the functions of the whole service module.
Step D, the action dimension matrix (namely the action matrix) containing m elements is marked with initial rule weight values; the initial rule weight values filled into the action dimension matrix are represented by a matrix A, and a weight value can be interpreted as the possibility that the system executes according to the action sequence and the dependency relationship.
Step E, while the system is running, the membership degree of each business action with respect to a given comment is determined automatically according to the average value of the historical data of that business action.
And forming a judgment matrix R' of the action matrix R according to the membership degree of each business action on a certain comment.
Step F, the extreme value detection module identifies abnormal inflection points or abnormal data fluctuations that occur during action execution while the system is running, such as an abnormal order or number of action executions, so that the system automatically switches into detection to analyze in depth and judge whether the request is actually abnormal.
Step G, the multiple fuzzy operation module performs the fuzzy operation on the weight matrix A and the action matrix R, and outputs the calculation result.
Specifically, the fuzzy operation is performed on the weight matrix a and the evaluation matrix R' of the action matrix R.
Step H, the state judgment module receives the fuzzy calculation result output in step G, obtains the evaluation of the final state according to the size of the comments in the calculation result, outputs the evaluation, and subsequently completes actions such as alarming or rate limiting.
The system for carrying out fuzzy detection analysis on the security of the WEB server further comprises: a WEB message receiving and responding unit and a service execution unit.
Fig. 3 shows the positions and workflows of the modules of the system; the specific steps include:
Step 1: Define a weight setting module.
In the function development stage of the business system, a weight setting module can be defined in advance: developers define m business key actions according to the execution sequence and the related dependency relationships, forming a one-dimensional action matrix R containing m elements.
Various methods may be adopted to create the action matrix. In one of the simplest scenarios, the action matrix is defined as certain key function calls in the application execution process. For example, for the WEB service of a color ring back tone service, the key function calls may be account opening, account cancellation, query, browsing, trial listening, ordering, giving, deleting and the like; that is, the one-dimensional action matrix may be expressed in the following form: R = {account opening, account cancellation, query, browsing, trial listening, purchase, giving, deletion}.
For such a matrix, the color ring back tone service developer can clearly state the order and interdependence of the actions; for example, a purchase always takes place after account opening, and a giving operation cannot occur after account cancellation. As for the security evaluation index, account opening is naturally the highest, followed by purchase and giving, while query and browsing are the least sensitive. Therefore, for the action matrix R = {account opening, account cancellation, query, browsing, trial listening, purchase, giving, deletion}, the corresponding weight matrix A may be labeled as A = {0.92, 0.24, 0.10, 0.09, 0.22, 0.75, 0.83, 0.47}, so as to reflect the above evaluation index.
The weight setting module can be used as a component of the service version to be packaged with the version, and opens a corresponding API interface for the fuzzy detection analysis system based on the user behavior to call when running.
Step 2: Through aspect-oriented design, the system of this embodiment operates between two modules of the WEB server, namely the message receiving and response unit and the service execution unit. It can participate in message processing and response in real time or operate on its own; specific application scenarios include:
(1) a preprocessing stage before message processing by the message receiving and transmitting unit, implemented by directly analyzing the message content;
(2) an operation log/event analysis stage after service processing is finished, implemented by analyzing log keywords or event characteristics;
(3) concurrent execution alongside service processing, implemented by judging in real time.
Each implementation has advantages and disadvantages. The most common is post-hoc analysis of log keywords or event characteristics, which can still raise an alert or send control information to the messaging unit immediately once a problem is discovered.
Step 3: After the system of this embodiment starts to operate, the extreme value detection module first plots the execution data curve of each action in the action matrix over the most recent period and compares it with the average value generated from data over a longer period. Once it finds an extreme point (the data before or after the point is all larger or all smaller than it) that is larger than the average value, it proceeds to step 4 and enters the multiple fuzzy operation module for the detailed data analysis stage.
Step 3 may also calculate the variance between the two (the recent data and the average value), and determine whether to proceed to step 4 through variance change.
Step 4: The multiple fuzzy operation module performs the fuzzy operation on the weight matrix A and the judgment matrix R' of the action matrix R according to an algorithm, and outputs the calculation result.
The mathematical model adopted by the multiple fuzzy operation module for evaluation can adopt the following algorithm:
For the evaluated object, a total of m factors are set as $u_1, u_2, \ldots, u_m$, expressed in set form as $U = \{u_1, u_2, \ldots, u_m\}$; a total of n evaluation indexes of different degrees are set as $v_1, v_2, \ldots, v_n$, expressed in set form as $V = \{v_1, v_2, \ldots, v_n\}$. If $r_{ij}$ represents the degree of membership of the i-th factor to the j-th comment, the fuzzy relationship between the factor set and the comment set can be represented by a judgment matrix R', where $0 \le r_{ij} = \mu_{R'}(u_i, v_j) \le 1$, $i = 1, 2, \ldots, m$; $j = 1, 2, \ldots, n$. As shown in fig. 3, the evaluation matrix can be expressed as:
Each factor weight is recorded as $A = [a_1\ a_2\ \ldots\ a_m]$, where $0 \le a_i \le 1$ (i.e. $a_1, a_2, \ldots, a_m$ are all in the interval $[0, 1]$). The operation result B of A and R' can be used as the final judgment of the evaluated object after integrating the various factors. The mathematical model of the fuzzy comprehensive evaluation can be expressed as the following calculation formula:
where "o" represents a fuzzy operator, and the specific calculation formula is:
That is, element $b_j$ of matrix B is equal to the fuzzy operation value of the matrix $A = [a_1\ a_2\ \ldots\ a_m]$ and the j-th column of the evaluation matrix R'. In the specific operation, the smaller of $a_i$ and $r_{ij}$ is first selected for each i, and the maximum of the m smaller values obtained is then taken as the value of $b_j$.
For example, for the action matrix R = {open, cancel, query}, the operation process is as follows:
The comment is first defined briefly into three levels, i.e., V = {high, medium, low}, as shown in fig. 4. Because $r_{ij}$ represents the membership degree of the i-th factor to the j-th comment, a two-dimensional data matrix is obtained for each element in the action matrix according to the relation between the currently requested action and the historical data average value, which can be represented as follows:
$R_1 = [0.9, 0.1, 0.1]$,
$R_2 = [0.2, 0.5, 0.1]$,
$R_3 = [0.4, 0.8, 0.6]$.
Here, the actual meaning of the data $R_1$ can be interpreted as follows: when an account opening action occurs, the system evaluates the possibilities that it belongs to the three security-risk levels high, medium and low as [0.9, 0.1, 0.1]; in other words, high risk is the most likely.
Step 5: Referring to the value A = [0.92, 0.24, 0.10] initially set in the weight setting module, the result $B_1 = [0.9, 0.24, 0.1]$ is calculated according to the specific calculation formula of the fuzzy operation.
The result $B_1$ above can be interpreted as follows: when the system executes the action sequence of opening, canceling and querying, the probability of high risk is the largest, at 0.9, and the probability of low risk is the smallest, at 0.1.
Step 6: The above calculation result $B_1$ is obtained only from $R_1$, $R_2$ and $R_3$. When the actual system runs, multiple groups of different data matrices are obtained for different start and stop times and different time granularities (which can also be regarded as data sampling periods). The system then performs similar multiple fuzzy calculations on these groups of data matrices, and a result $B_2$ is obtained after multiple iterations.
Step 7: Besides time factors, the order of action execution is also an important factor affecting the evaluation during actual operation. Therefore R is iteratively computed again, using blank-data filling and transposition according to the predefined standard sequence A, generating a number of provisional calculation results $B_3$ to $B_n$ in the process.
Step 8: The provisional calculation results $B_1$ to $B_n$ form a new data matrix, and the fuzzy calculation is performed again with the A initially set in the weight setting module to obtain a data result B'.
Step 9: The weight matrix A, the time granularity, the action filling constant and other data parameters can be adjusted several times at this point, the change in the data is observed according to the actual situation, and the process returns to step 4 to repeat the iterative computation until a predefined warning or a set threshold is reached. This step can either be corrected manually or be performed automatically by the system after standard fitting data has been set.
Step 10: The state judgment module receives the final calculation result B, determines whether to raise an alarm or send control information to the WEB message receiving and sending unit, and ends the process.
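The flow of steps 3, 4, 5 and 10 above can be traced in code. The following is an added example, not part of the original text: it gates on the pre-judgment (extreme point or out-of-order action), runs the max-min fuzzy operation on the page's A and R' values, and picks the final state. The function names, the spike ratio, the dependency table, the session identifiers and the sample counts are assumptions; any single order violation is treated as abnormal, and the iterations of steps 6 to 9 are not modelled.

```python
from statistics import mean

# Values taken from the page's worked example (rows follow open, cancel, query).
COMMENTS = ["high", "medium", "low"]       # comment set V (security-risk levels)
A = [0.92, 0.24, 0.10]                     # weight matrix A
R_EVAL = [[0.9, 0.1, 0.1],                 # evaluation matrix R' (rows R1, R2, R3)
          [0.2, 0.5, 0.1],
          [0.4, 0.8, 0.6]]

# Assumptions, not from the page: what counts as "much larger" than the
# long-period average, and which actions must precede others in a session.
SPIKE_RATIO = 3.0
REQUIRES = {"query": {"open"}, "cancel": {"open"}}


def extreme_points(history, recent, ratio=SPIKE_RATIO):
    """Indexes of local maxima in `recent` that exceed ratio * mean(history)."""
    if not history:
        return []
    limit = ratio * mean(history)
    hits = []
    for i, value in enumerate(recent):
        left = recent[i - 1] if i > 0 else float("-inf")
        right = recent[i + 1] if i + 1 < len(recent) else float("-inf")
        if value > left and value > right and value > limit:
            hits.append(i)
    return hits


def order_violations(events):
    """Return (session, action) pairs executed before a required predecessor."""
    done, bad = {}, []
    for session, action in events:
        seen = done.setdefault(session, set())
        if REQUIRES.get(action, set()) - seen:
            bad.append((session, action))
        if action == "cancel":
            seen.clear()      # nothing that needs an open account may follow
        else:
            seen.add(action)
    return bad


def compose(weights, evaluation):
    """Max-min fuzzy operation: b_j = max over i of min(a_i, r_ij)."""
    if not evaluation or len(weights) != len(evaluation):
        raise ValueError("need one weight per row of the evaluation matrix")
    width = len(evaluation[0])
    cells = list(weights)
    for row in evaluation:
        if len(row) != width:
            raise ValueError("evaluation matrix rows differ in length")
        cells.extend(row)
    if any(not 0.0 <= x <= 1.0 for x in cells):
        raise ValueError("weights and membership degrees must lie in [0, 1]")
    return [max(min(a, row[j]) for a, row in zip(weights, evaluation))
            for j in range(width)]


def judge(b, comments=COMMENTS):
    """State judgment: the comment with the largest membership in B."""
    return comments[max(range(len(b)), key=lambda j: b[j])]


def analyse(history, recent, events, weights=A, evaluation=R_EVAL):
    """Pre-judge first; run the fuzzy operation only when something looks abnormal."""
    spikes = extreme_points(history, recent)
    violations = order_violations(events)
    if not spikes and not violations:
        return {"abnormal": False}
    b = compose(weights, evaluation)
    return {"abnormal": True, "spikes": spikes, "violations": violations,
            "B": b, "state": judge(b)}


# Constructed sample input: request counts per period and a session event log.
HISTORY = [20, 22, 19, 21, 20, 23, 21, 20]
RECENT = [21, 22, 95]
EVENTS = [("s1", "open"), ("s1", "query"), ("s2", "query"),
          ("s1", "cancel"), ("s1", "query")]

if __name__ == "__main__":
    print(analyse(HISTORY, RECENT, EVENTS))
```

Because the operator takes min(a_i, r_ij) before the maximum, an action with a low weight (query, 0.10) can never contribute more than its weight to any b_j, however high its membership degrees are.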
The invention is explained based on a fuzzy detection analysis system of user behavior.
In summary, the embodiments of the present invention have the following technical effects:
1. The embodiment of the invention provides a weight setting module that can be defined in the service function development stage. Compared with detection rules formulated by security testers, or with an expert system that, like malicious code characteristic rules, is summarized automatically through code comparison analysis and the like, the weight setting module is defined by the developers during implementation, which ensures accuracy, keeps the implementation simple, and to a great extent avoids any impact of the security detection system on normal service execution.
2. For a system running in real time, the more powerful a comprehensive security detection system is, the higher its performance requirements on the system itself, so problems such as an excessive cost of security hardening or a large impact on the performance of system services can arise.
3. The embodiment of the invention can run as a part of service security hardening, or in cooperation with an external independent security detection system. It is lightly invasive, easy to remove and loosely coupled, and is readily applicable to various service scenarios.
Although the present invention has been described in detail hereinabove, the present invention is not limited thereto, and various modifications can be made by those skilled in the art in light of the principle of the present invention. Thus, modifications made in accordance with the principles of the present invention should be understood to fall within the scope of the present invention.