关联规则挖掘在网络攻击防范中的应用

Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section Pub Date : 2021-12-01 DOI:10.2478/bipie-2021-0020

Cătălin Mironeanu, Alexandru Archip, Georgiana Atomei

{"title":"关联规则挖掘在网络攻击防范中的应用","authors":"Cătălin Mironeanu, Alexandru Archip, Georgiana Atomei","doi":"10.2478/bipie-2021-0020","DOIUrl":null,"url":null,"abstract":"Abstract Designing a security solution should rely on having a good knowledge of the protected assets and better develop active responses rather than focus on reactive ones. We argue and prove that malicious activities such as vulnerabilities exploitation and (D)DoS on Web applications can be detected during their respective initial phases. While they may seem distinct, both attack scenarios are observable through abnormal access patterns. Following on this remark, we first analyze Web access logs using association rule mining techniques and identify these malicious traces. This new description of the historical data is then correlated with Web site structure information and mapped over trie data structures. The resulted trie is then used for every new incoming request and we thus identify whether the access pattern is legitimate or not. The results we obtained using this proactive approach show that the potential attacker is denied the required information for orchestrating successful assaults.","PeriodicalId":330949,"journal":{"name":"Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section","volume":"61 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Application of Association Rule Mining in Preventing Cyberattacks\",\"authors\":\"Cătălin Mironeanu, Alexandru Archip, Georgiana Atomei\",\"doi\":\"10.2478/bipie-2021-0020\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract Designing a security solution should rely on having a good knowledge of the protected assets and better develop active responses rather than focus on reactive ones. We argue and prove that malicious activities such as vulnerabilities exploitation and (D)DoS on Web applications can be detected during their respective initial phases. While they may seem distinct, both attack scenarios are observable through abnormal access patterns. Following on this remark, we first analyze Web access logs using association rule mining techniques and identify these malicious traces. This new description of the historical data is then correlated with Web site structure information and mapped over trie data structures. The resulted trie is then used for every new incoming request and we thus identify whether the access pattern is legitimate or not. The results we obtained using this proactive approach show that the potential attacker is denied the required information for orchestrating successful assaults.\",\"PeriodicalId\":330949,\"journal\":{\"name\":\"Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section\",\"volume\":\"61 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2478/bipie-2021-0020\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/bipie-2021-0020","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

设计一个安全解决方案应该依赖于对受保护资产的充分了解，更好地开发主动响应，而不是专注于被动响应。我们论证并证明，Web应用程序上的恶意活动(如漏洞利用和(D)DoS)可以在其各自的初始阶段被检测到。虽然它们看起来不同，但通过异常访问模式可以观察到这两种攻击场景。在此基础上，我们首先使用关联规则挖掘技术分析Web访问日志，并识别这些恶意痕迹。然后将历史数据的新描述与Web站点结构信息相关联，并映射到trie数据结构上。然后将结果trie用于每个新的传入请求，从而确定访问模式是否合法。我们使用这种主动方法获得的结果表明，潜在的攻击者无法获得策划成功攻击所需的信息。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Application of Association Rule Mining in Preventing Cyberattacks

Abstract Designing a security solution should rely on having a good knowledge of the protected assets and better develop active responses rather than focus on reactive ones. We argue and prove that malicious activities such as vulnerabilities exploitation and (D)DoS on Web applications can be detected during their respective initial phases. While they may seem distinct, both attack scenarios are observable through abnormal access patterns. Following on this remark, we first analyze Web access logs using association rule mining techniques and identify these malicious traces. This new description of the historical data is then correlated with Web site structure information and mapped over trie data structures. The resulted trie is then used for every new incoming request and we thus identify whether the access pattern is legitimate or not. The results we obtained using this proactive approach show that the potential attacker is denied the required information for orchestrating successful assaults.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section

自引率

0.00%

发文量