智能系统学报
CAAI TRANSACTIONS ON INTELLIGENT SYSTEMS
2014
Issue 1
pp. 40-46
7 pages in total
杨晓峰%李伟%孙明明%胡雪蕾
Web attack; Web attack detection; text clustering; unsupervised detection algorithm
Attacks on Web service applications have spread widely across networks in recent years. Most existing attack detection algorithms use supervised learning to determine the classification boundary between normal behavior and attack behavior; however, a supervised detection model requires a complex learning process before detection, which often reduces the practical effectiveness of the system. Therefore, based on the real-world differences in quantity and distribution between normal access samples and attack samples, an unsupervised detection algorithm based on text clustering is proposed. The algorithm first clusters the samples with an iterative clustering process until they merge into a single cluster; meanwhile, according to the distribution of abnormal and normal samples, it selects the optimal largest cluster during the clustering process as the normal sample class and treats the rest as the abnormal sample class. The optimal scheme is chosen on the principle of minimizing the classification error. Experiments show that, compared with several classical detection methods, the method omits the complex learning process, improves adaptability, and achieves a good detection rate and false positive rate.