随着网络技术的不断发展,网上冲浪变得并不像以前那么的安全,持续不断的网络漏洞导致越来越多的网站正面临着被入侵的风险。为了维护网站的安全性,人们提出了许多与入侵检测相关的研究方案。其中,基于实时系统的入侵检测方案在众多研究中占了绝大一部分,这种系统能在网站受到入侵时给出第一时间的警告和防护,但是一旦一个网站已经受到了入侵,那么这些检测手段将变得毫无作用。除此之外,另外一些学者还提出了一些非实时入侵检测方案,非实时入侵检测方法可以运用在系统受到入侵之后,它们的主要作用是对入侵行为进行溯源。但是由于每个网站的整体架构都不一样,这种检测方法并不能评估一个网站所面临的入侵风险的大小。文章在基于Web日志和网站参数的前提下,提出了一个用于非实时入侵检测的风险评估模型。这个模型可以根据不同的网站参数定义不同的评估策略,这种评估策略会为每种攻击方式分配一定的权重,通过这些权重和Web日志所匹配的攻击信息,模型可以计算出系统的风险模糊值从而评估系统所遭受攻击的风险程度。实验结果表明文章的研究能有效地检测出每个网站所面临的入侵风险,它将对保护网站安全以及防御黑客攻击起到很重要的作用。
With the development of network technology, surfing the intemet is not as safe as it was before. A growing number of web application vulnerabilities result that a lot of websites face the risk of intrusion. To maintain the safety of the site, many intrusion detection related approaches have been proposed. Most of these approaches are based on real-time system, which can intercept and prevent the occurrence of attacks timely, but once a website has been invaded, these methods will not work. Altematively, there are also some intrusion detection methods based on non-real-time system, which are applied after the sites have been invaded. These systems can target the source of attacks but it is difficult for them to detect the grade of the risk that Web system suffered because the risks faced by each site are not the same. On the basis of Web logs and Web parameters, this paper proposes an improved risk assessment model for non-real-time intrusion detection. This model can define various assessment strategies according to different website parameter. The strategy will assign a weight for every kind of attack. Through the attack information that these weights and web logs match, the system can calculate the fuzzy value, which could be used to reflect the level of the threat that the system suffers under this kind of attack. The result of the experiment suggests that our study can efficiently detect the level of the threat that website suffers from the intrusion, which is of great help to maintain the security ofwebsite and prevent Hackers' attack.