Using Petri Nets for Anomaly Behavior Detection in Web Systems

Web servers, as a crucial component accessible directly through browsers and integrated with databases, face multiple security threats and vulnerabilities. Currently, anomaly-based Intrusion Detection Systems (IDS) are advocated as proactive measures against web security threats, yet the challenge lies in accurately defining "normal" behavior. Using Petri nets, the system structure defined by routes in Web development can be modeled to delineate "normal" behavior, and conformance checking techniques can then be used to identify "abnormal" behavior. However, employing traditional alignment techniques often results in "false positives". Therefore, infix alignment-based techniques are introduced to align the behaviors in logs and models. In addition, a baseline method is presented for constructing auxiliary models suitable for infix alignment. Validation on an example demonstrates that the infix alignment technique, implemented with auxiliary models built by the baseline method, accurately identifies "abnormal" behavior.

Keywords: Petri nets; conformance checking; infix alignment; anomaly detection

Authors: Wang Zenghui (王增辉), Wang Lili (王丽丽)

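School of Mathematics and Big Data, Anhui University of Science and Technology, Huainan 232001, Anhui

Anhui Province Engineering Laboratory for Big Data Analysis and Early Warning Technology of Coal Mine Safety, Huainan 232001, Anhui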

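Funding:
Anhui University of Science and Technology Scientific Research Start-up Fund for High-level Introduced Talents (2022yjrc87)
Open Fund of the Anhui Province Engineering Laboratory for Big Data Analysis and Early Warning Technology of Coal Mine Safety (CSBD2022-ZD03)
Open Fund of the State Key Laboratory of Mining Response and Disaster Prevention and Control in Deep Coal Mines (SKLMRDPC22KF12)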

2024

Journal of Jiamusi University (Natural Science Edition)
Jiamusi University

Impact factor: 0.159
ISSN: 1008-1402
Year, volume (issue): 2024, 42(7)