Network attacks increasingly occur at the application layer, whereas traditional network protection technologies mainly defend the network and transport layers. Although some current protection technologies can detect certain application-layer attacks, they mainly guard against known attacks and are powerless against unknown or newly emerging application-layer attacks. In theory, application-layer anomaly detection can identify all attacks at the application layer, so research on it is very important. Building on an analysis of the current state of research on application-layer anomaly detection, this paper proposes an application-layer anomaly detection mechanism based on key event sequences. The mechanism tracks users' application-layer protocol behavior to discover anomalous application-layer operations, and thereby identifies application-layer attacks.