东篱科研大数据发现系统（DRDS）

位置：成果数据库 > 期刊 > 期刊详情页

一种新的Web应用防火墙的自学习模型

ISSN号：1000-1220
期刊名称：《小型微型计算机系统》
时间：0
分类：TP309[自动化与计算机技术—计算机系统结构;自动化与计算机技术—计算机科学与技术]
作者机构：[1]北京邮电大学网络与交换技术国家重点实验室,北京100876, [2]西门子中国研究院信息安全部,北京100102
相关基金：国家自然科学基金项目（61202434,61170270,61121061）资助;中央高校基本科研业务费专项（2011RC0505,2011RCZJ15,2012R（30612,2011YB01）资助.

关键词： Web安全, Web应用防火墙, 网页参数, 自学习模式, web security, web application f＇trewall, web parameter, learning mode

中文摘要：

针对Web应用攻击方式繁多、传统Web应用防火墙黑名单规则库过于复杂的问题，提出一种新的web应用防火墙的自学习模型，采用先收集、整理和归纳网页参数特征，再与用户提交数据进行规则匹配的方法，实现对Web应用的安全防护．自学习模型将web页面参数分为类型固定参数、枚举参数和用户输入参数三类，由初始学习模块和持续学习模块组成，前者由合理样本数据建立初始规则库，后者根据用户近一段时间的输入数据持续学习网页特点，扩充用户合法行为模式，以适应用户需求变化和Web应用更新．本模型采用异常流量统计和数据包相似性分析的综合方法应对针对学习过程的攻击，进行有选择性的学习．实验结果表明此自学习模型具有良好的安全防护能力和学习能力．

英文摘要：

This paper presents a new model of learning WAF （ Web Application Firewall ） to solve the problem of various attacks and the complexity of black list. By collecting, summarizing and inducting the characteristics of web parameters, and then matching the user input with it, the model could ensure the security of Web applications. This model classifies the Web page parameters as fixed- type parameter, enumeration parameter and user-input parameter, and has two modules, initial learning module and continuous learn- ing module. The first one creates initial rule base according to the reasonable user input sample, then the latter one could continuously learn the characteristics of Web page based on the recently user input data, in order to adapt to application updates and the change of user needs. The model also introduces a comprehensive method of exceptional data flow statistic and the analysis of data similarity to learn selectively to resist the attacks which target the learning process. Experimental results has indicated that the new learning WAF has a great ability of protecting the security and learning.

同期刊论文项目

量子密码基本协议理论研究

期刊论文 58

物联网中跨网密钥管理研究

期刊论文 39 会议论文 2

通信网的网络理论和技术

期刊论文 303 会议论文 42 获奖 4 著作 1

同项目期刊论文

一种基于长度语义约束的报文格式挖掘方法

Improved certificateless multi-proxy signature

Improving the security of arbitrated quantum signature against the forgery attack

A Quantum Watermark Protocol

Semi-device-independent randomness expansion with partially free random sources

Discussion on quantum proxy group signature scheme with Â-type entangled states

An arbitrated quantum signature with Bell states

Security Weaknesses in Arbitrated Quantum Signature Protocols

Cryptanalysis of a sessional blind signature based on quantum cryptography

Improved Group Signature Scheme Based on Quantum Teleportation

An arbitrated quantum signature scheme with fast signing and verifying

A lattice-based signcryption scheme without random oracles

强度m的对称正交表的递归构造

Determination of stabilizer states

Reduced gap between observed and certified randomness for semi-device-independent protocols

A novel quantum group signature scheme without using entangled states

Cryptanalysis of a Quantum Proxy Weak Blind Signature Scheme

Security of Semi-Device-Independent Random Number Expansion Protocols

Linear monogamy of entanglement in three-qubit systems

Characterizing unextendible product bases in qutrit-ququad system

Local discrimination of four or more maximally entangled states

Distinguishing maximally entangled states by one-way local operations and classical communication

Practical quantum private query of blocks based on unbalanced-state Bennett-Brassard-1984 quantum-ke

Semi-loss-tolerant strong quantum coin-flipping protocol using quantum non-demolition measurement

无线传感器网络中的一种基于移动Agent的动态入侵检测系统

Fault tolerant quantum secure direct communication with quantum encryption against collective noise

2p元2-阶旋转对称弹性布尔函数的构造与计数

XOR-MAC的结构分析和安全性证明

无线传感器网络中基于分簇的数据聚合机制

素数元旋转对称弹性布尔函数的构造与计数

一种基于Hash函数和分组密码的消息认证码

带创造性思维的混沌蚂蚁群优化算法

一种基于云存储环境下的数据处理机制

An Algorithm for the Spectral Immunity of Binary Sequence with Period 2^n

An anonymous and efficient remote biometrics user authentication scheme in a multi server environment

量子密码协议安全性分析

协议规范挖掘研究综述

基于物联网的智能楼宇系统研究

A Quantum Protocol for Millionaire Problem with Continuous Variables

Linear Complexity of Generalized Cyclotomic Quaternary Sequences with Period pq

云辅助 P2P-VoD 系统中一种邻居选择算法

Energy Aware Virtual Network Embedding

Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in

保护私有信息的动点距离判定协议及其推广

Cheat sensitive quantum bit commitment via pre- and post-selected quantum states

An Uneven Distribution Based Energy Optimized Routing Protocol for WSNs

A quantum secret sharing protocol with fairness

Adaptive T-S FRBF-based Risk Assessment Method for Electric Power Communication Network

区域化的无线蜂窝网自主节能管理机制

Efficient Threshold PKE with Full Security Based on Dual Pairing Vector Spaces

Virtual Network Embedding with Survivable Routing

On the construction of multi-output Boolean functions with optimal algebraic immunity

Secure Privacy-Preserving Biometric Authentication Scheme for Telecare Medicine Information Systems

LBAS An effective pricing mechanism towards video migration in cloud-assisted VoD system

Weighted Community Detection Based on a Community-Topic Interacting Model

A Parsing Mode based Method for Malformed SIP Messages Testing for IMS network

A Load Balancing Method in SiCo Hierarchical DHT-based P2P Network

A study on Operators’ Network Architecture based on P2P Technology

Improved Group Signature Scheme Based on Quantum Teleportation

An arbitrated quantum signature with Bell states

Trust routing algorithm based on multiple decision factor thoery in OSPF protocol

Cryptanalysis and improvement of a certificateless encryption scheme in the standard model

Quantum state secure transmission in network communication

Defeating Constraint based Program Analysis with Temporal Correlation Function

Multi-party quantum private comparison protocol with n-level entangled states

Parsing and Detecting Phishing Pages Based on Semantic Understanding of Text

保护隐私的逢低买入协议及其推广

一种改进的BGP安全机制

一种面向云服务提供商的资源分配机制

城市汽车导航中一种改进的D-S证据理论地图匹配算法

A Vertical Handoff Method via Self-Selection Decision Tree for Internet of Vehicles

Comb: a resilient and efficient two-hop lookup service for distributed communication system

Security of the arbitrated quantum signature protocols revisited

Fault-tolerant quantum cryptographic protocols with collective detection over the collective ampli

一种基于长度语义约束的报文格式挖掘方法

An efficient server bandwidth costs decreased mechanism for asynchronous streaming in cloud-assisted

Application semi-group property of enhanced Chebyshev polynomials to anonymous authentication protoc

A Multi-dimensional Resource Allocation Algorithm in Cloud Computing

面向业务的多终端动态协同构造机制

A Privacy-Preserving Sequence Pattern Mining Method based on horizontally Distributed Database

Control Flow Deobfuscation Method Based on Path Feasibility Analysis

Revisiting “The Loophole of the Improved Secure Quantum Sealed-Bid Auction with Post-Confirmation

Chaos–order transition in foraging behavior of ants

Hierarchical quantum information splitting of an arbitrary two-qubit state via the cluster state

基于时间窗的多无人机联盟任务分配方法研究

Disaster Recovery Backup Strategy for P2P Based VoIP Application

An Optimization Model of Load Balancing in P2P SIP Architecture

A Method for Disguising Malformed SIP Messages to Evade SIP IDS

An Efficient Method for Scheduling Massive Vulnerability Scanning Plug-ins

Efficient algorithms for scheduling multiple bulk data transfers in inter-datacenter networks

An Access Network Selection Mechanism for Heterogeneous Wireless Environments

基于计时器的最小连通支配集生成算法

2p元2-阶旋转对称弹性函数的构造与计数

Survey of the Virtual Machine Introspection in Cloud Computing

CloudProxy: A NAPT Proxy for Vulnerability Scanners based on Cloud Computing

A rapid detection algorithm for malformed H-DoS in the cloud platform

安全两方线段求交协议及其在保护隐私凸包交集中的应用

标准模型下可证明安全的RFID双向认证协议

基于动态邻接信任模型的安全路由算法研究

Accurate Diagnosis in Computer Networks Using Unicast End-to-End Measurements

Security protocol for RFID system conforming to EPC-C1G2 standard

路径条件驱动的混淆恶意代码检测

Research of Hierarchical Intrusion Detection Model based on Discrete Cellular Neural Networks

Analysis of the two-particle controlled interacting quantum walks

基于机器学习的SPIT可疑度评估方法

An Improved Approach for Route Planning in Urban Traffic Network

IP Flow Mobility Trigger Mechanism in Heterogeneous Wireless Networks

An Energy-Aware Method of Web Service Composition

泛在末梢环境下基于动态备用的业务应急机制

A novel path-based approach for single-packet IP traceback

适应自相似业务的无线网络自主CAC策略

Cost-efficient task scheduling for executing large programs in the cloud

Cost-aware Cloud Service Request Scheduling for SaaS Providers

Cloud SIP System (CSS) : To Decompose SIP Sessions into Transactions for Cloud Environment

A New Security Mechanism for BGP Path Verification

Research on Server Push in Web Browser based Instant Messaging Applications

基于参数建模的分布式信任模型

面向MANET路由的多属性动态信任模型

Eavesdropping on Multiparty Quantum Secret Sharing Scheme Based on the Phase Shift Operations

Virtual Network Embedding Through Topology Awareness and Optimization

A precise and practical IP traceback technique based on packet marking and logging

A Push-Pull Data Scheduling Algorithm for P2P Streaming Media

On the linear complexity of a class of quaternary sequences with low autocorrelation

Lag synchronization of coupled multi-delay systems

Improving synchronous ability between complex networks

An algorithm for constructing all the pairings on elliptic curves,

Study of Attacks and Countermeasures in Wireless Sensor Networks

A Ranging Based Scheme for Detecting the Wormhole Attack in Wireless Sensor Networks

A Reputation-based Ant secure routing Protocol of Wireless Sensor Networks

Light-weight Proofs of Retrievability in Cloud Archive Storage with Replications

A novel Hierarchical Reputation Model for Wireless Sensor Networks

An Empirical Analysis of the Effectiveness of Browser-based Anti-phishing Solutions

Full privacy preserving electronic voting scheme

一种基于长度语义约束的报文格式挖掘方法

Malicious node detection in wireless sensor networks using time series analysis on node reputation

Semi-loss-tolerant srtong coin flipping protocol using EPR pairs

A Novel Steganographic Method with Four-Pixel Differencing and Exploiting Modification Direction

A General Construction of Sequences with Good Autocorrelation over the 16-QAM Constellation

A secure quantum group signature scheme based on Bell states

Information leak in Liu et al.’s quantum private comparison and a new protocol

Improved quantum signature scheme with weak arbitrator

The cryptanalysis of Yuan et al.'s multiparty quantum secret sharing protocol

Fast and scalable support vector clustering for large-scale data analysis

Global Detection of Live Virtual Machine Migration based on Cellular Neural Networks

Service-Oriented Synergy Mechanism among Multi-Devices in Ubiquitous Network

Task coalition formation and self-adjustment in the wireless sensor networks

A Light-Weight Rainbow Signature Scheme for WSN

Improved certificateless multi-proxy signature

FFNS: A Flooding Attack Filtering Nodes Selection Method Using Node Betweennes

利用干扰消除的协同中继传输方案

WSN Trust Models Evaluation in the Context of IoT

Universal Composable Secure protocol for EPC system

Improving the security of arbitrated quantum signature

Cryptanalysis and improvement of a multi-user quantum communication network using χ-type entangled s

Choice of measurement as the secret

Nonlocality of orthogonal product basis quantum states

An arbitrated quantum signature scheme with fast signing and verifying

Practical quantum all-or-nothing oblivious Transfer protocol

One-way LOCC indistinguishability of maximally entangled states

Cryptanalysis of enhancement on "quantum blind signature based on two-state vector formalism&

Cryptanalysis of a multi-party quantum key agreement protocol with single particles

Certificateless Public Key Encryption with Hybrid Problems and its Application to Internet of Thi

Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

A novel pairing-free certi？cateless authenticated key agreement protocol with provable security

New constructions of symmetric orthogonal arrays of strength t

网络虚拟化环境下的服务故障诊断算法&lowast;

一种基于信誉的移动自组网区分服务激励机制

Information Leakage in Quantum Secret Sharing of Multi-Bits by an Entangled Six-Qubit State

Quantum Private Comparison Protocol with W States

Minimum best success probability by classical strategies for quantum pseudo-telepathy

A General Two-Party Bi-Input Private Function Evaluation Protoco

A Fuzzy Identity-Based Signcryption Scheme from Lattices

Self-organizing Energy-saving Management Mechanism based on Pilot Power Adjustment in Cellular Netwo

Centralized Management Mechanism for Cell Outage Compensation in LTE Networks

Discussion on quantum proxy group signature scheme with ？-type entangled states

An anonymous user authentication with key agreement scheme without pairings for multi-server archite

Efficient secure multiparty computation protocol for sequencing problem over insecure channel

GLS: new class of generalized legendre sequences with optimal arithmetic cross-correlation

Construction and counting of 1-resilient rotatin symmetric Boolean functions on pq variables

一种轻量化的边界网关协议路径验证机制

BGP Path Verification Mechanism Based on Sanitizable Signature

New constructions of symmetric orthogonal arrays of strengtht

企业战略驱动的QoS属性相关Web服务选择与部署方法

业务量驱动的区域化无线接入网自主节能机制

基于TCP数据包层分析的移动互联网用户体验的评估方法

Privacy-Assured Substructure Similarity Query over Encrypted Graph-Structured Data in Cloud

A Novel Path-based Approach for Single-Packet IP Trace back

Enhanced Energy-Efficient Scheduling for Parallel Tasks using Partial Optimal Slacking

PAIDD: a hybrid P2P-based architecture for improving data distribution in social networks

SBDP: Bandwidth Prediction Mechanism towards Server Demands in P2P-VoD System. Peer-to-Peer Networki

An efficient server bandwidth costs decreased mechanism towards mobile devices in cloud-assisted P2P

Filtering Location Optimization in Reactive Packet Filtering

Quantum anonymous ranking

Grid Density Based Evolving Clustering Algorithm For Data Streams

支持向量机回归预测在网络故障检测中的应用

An Uncertainty-Based Distributed Fault Detection Mechanism for Wireless Sensor Networks

Prediction-based dynamic resource scheduling for virtualized cloud systems

基于带宽请求预测和云资源预留的视频移植策略

Multiple bulk data transfers scheduling among datacenters

Determination of W states equivalent under stochastic local operations and classical communication

Cryptanalysis of a sessional blind signature based on quantum cryptography

Efficient Quantum Transmission in Multiple-Source Networks

A Composition and Recovery Strategy for Mobile Social Network Service in Disaster

Quantum key agreement with EPR pairs and single-particle measurements

Certificateless Public Key Encryption Scheme with Hybrid Problems and Its Application to Internet of

匿名和可问责平衡的信誉系统

A novel remote user authentication and key agreement scheme for mobile client-server environment

新型的802.11n联合符号定时同步与细频偏估计算法研究

An Anonymous User Authentication with Key Agreement Scheme without Pairings for Multiserver Architec

A Strongly Secure Pairing-free Certificateless Authenticated Key Agreement Protocol for Low-Power De

Energy Efficient Source Location Privacy Protecting Scheme in Wireless Sensor Networks Using Ant Col

Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation

A lattice-based signcryption scheme without random oracles

强度m的对称正交表的递归构造

A Novel Authentication Scheme Using Self-certified Public Keys for Telecare Medical Information Syst

Cryptanalysis and improvement of a certificateless aggregate signature scheme

Analysis and Improvement of 'Chaotic Map Based Mobile Dynamic ID Authenticated Key Agreement

An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobil

A novel pairing-free certificateless authenticated key agreement protocol with provable security

An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Me

An Efficient and Provably-Secure Certificateless Public Key Encryption Scheme for Telecare Medicine

A biometric-based Password Authentication with key Exchange Scheme using Mobile Device for Multi-Ser

Efficient probe selection for fault localization using the property of submodularity

新颖的正则NFA引擎构造方法

基于非线性规划的链路丢包率推理算法

网络虚拟化环境下的服务故障诊断算法

无线传感器网络蠕虫的传播与控制

2p元2-阶旋转对称弹性布尔函数的构造与计数

XOR-MAC的结构分析和安全性证明

无线传感器网络中基于分簇的数据聚合机制

素数元旋转对称弹性布尔函数的构造与计数

一种基于Hash函数和分组密码的消息认证码

带创造性思维的混沌蚂蚁群优化算法

群签名中成员撤销问题解决方案

泛在末梢环境下的多终端协同选择机制

基于频繁项挖掘的空间关联性子簇形成算法

PFA在FPGA正则引擎上的设计和仿真

基于CNN同心邻域极值的多车道智能交通系统图像多车牌区域的边缘检测

动态疫苗接种的入侵检测方法

基于可信建模过程的信任模型评估算法

对一个格基身份签名方案的分析和改进

基于粗糙集和人工免疫的集成入侵检测模型

改进的BGP安全机制

新型的IEEE 802.11n联合符号定时同步与细频偏估计算法

保护隐私的逢低买入拍卖协议及其推广

圆和维诺图相交模拟基站覆盖算法

基于改进Kruskal算法的WSN故障节点检测方法

虚拟计算环境下基于模糊聚类的资源调度算法

泛在末梢环境可靠性预测的服务发现选择协议

基于协同谱聚类的推荐系统托攻击防御算法

高效的SIP服务器模糊测试方法

基于神经网络和遗传算法的网络安全事件分析方法

基于混合能源的无线蜂窝网节能管理机制

泛在末梢环境下的动态业务恢复机制

移动P2P资源共享激励机制

基于样本加权的基因特征选取模型

虚拟计算环境下面向应用的基于信任的资源匹配模型

基于终端干扰和链路稳定性的多终端协同维护机制

云辅助P2P-VoD系统中一种邻居选择算法

基于控制流序位比对的智能Fuzzing测试方法

一种识别和追踪恶意匿名评价者的信任模型

跨数据中心的关联云数据部署策略

云环境下保护隐私的最短距离计算方法研究

一种基于云存储环境下的数据处理机制

对一个模糊身份格基签名方案的改进

一种基于完整性的云存储自主验证协议

A Self-adaptive Learning Rate Principle for Stacked Denoising Autoencoders

An Algorithm for the Spectral Immunity of Binary Sequence with Period 2^n

An anonymous and efficient remote biometrics user authentication scheme in a multi server environment

量子密码协议安全性分析

Variational learning for finite Beta-Liouville mixture models

有限贝塔刘维尔混合模型的变分学习及其应用

混合逆狄利克雷分布的变分学习及应用

企业战略驱动的QoS属性相关Web 服务选择与部署方法

泛在末梢环境下均衡多业务的终端聚合机制

协议规范挖掘研究综述

基于物联网的智能楼宇系统研究

基于层级化身份的可证明安全的认证密钥协商协议

期刊信息

《小型微型计算机系统》
中国科技核心期刊

主管单位:中国科学院
主办单位:中国科学院沈阳计算技术研究所
主编：林浒
地址：沈阳市浑南新区南屏东路16号
邮编：110168
邮箱：xwjxt@sict.ac.cn
电话：024-24696120 024-24696190-8870

国际标准刊号：ISSN：1000-1220
国内统一刊号：ISSN：21-1106/TP
邮发代号:8-108

获奖情况:
中国自然科学核心期刊,中国科学引文数据库来源期刊

国内外数据库收录:
俄罗斯文摘杂志,波兰哥白尼索引,荷兰文摘与引文数据库,美国剑桥科学文摘,英国科学文摘数据库,日本日本科学技术振兴机构数据库,中国中国科技核心期刊,中国北大核心期刊（2004版）,中国北大核心期刊（2008版）,中国北大核心期刊（2011版）,中国北大核心期刊（2014版）,中国北大核心期刊（2000版）

被引量:23212