Malicious queries identification method based on XGBoost

徐迪

doi:10.13992/j.cnki.tetas.2018.12.005

Chinese

您当前的位置：

首页 >

文章列表页 >

Malicious queries identification method based on XGBoost

更新时间：2026-04-20

- Malicious queries identification method based on XGBoost
- Vol. 31, Issue 12, Pages: 22-27(2018)
- 作者机构：
  
  中移(杭州)信息技术有限公司
- 作者简介：
- 基金信息：
- DOI：10.13992/j.cnki.tetas.2018.12.005
  CLC： TP393.09
- Published：2018
- 稿件说明：
移动端阅览
[1]徐迪.一种基于XGBoost的恶意HTTP请求识别方法[J].电信工程技术与标准化,2018,31(12):22-27.

徐迪. Malicious queries identification method based on XGBoost[J]. 2018, 31(12): 22-27.
[1]徐迪.一种基于XGBoost的恶意HTTP请求识别方法[J].电信工程技术与标准化,2018,31(12):22-27. DOI： 10.13992/j.cnki.tetas.2018.12.005.

徐迪. Malicious queries identification method based on XGBoost[J]. 2018, 31(12): 22-27. DOI： 10.13992/j.cnki.tetas.2018.12.005.

摘要

针对现有的Web应用防火墙大多基于规则对恶意的HTTP请求进行检测

容易绕过且检测效率低下等问题

基于词袋模型聚类

提出一种改进的恶意HTTP请求检测方法。通过对已有的正常请求和恶意请求进行词袋和TF-IDF模型进行特征提取

并采用XGBoost分类算法对异常请求进行识别。实验结果表明

与随机森林、支持向量机等识别方法相比

该方法具有更好的异常HTTP请求识别效果。

Abstract

In view of the problem that most of the Web application fi rewalls detect malicious HTTP queries based on rules

which leads to easy bypass and low detection effi cient

an abnormal malicious HTTP queries identifi cation method based on BoW model clustering is proposed. By means of BoW and TF-IDF for existing abnormal queries and normal queries

it extract feature of HTTP queries. XGBoost classifi cation algorithm is used to detect abnormal traffi c. The experimental results show that this method has better recognition effect of abnormal queries compared with identification method based on random forest

support vector machine and others.

关键词

Keywords

references

基于Bagging策略的XGBoost算法在商品购买预测中的应用 [J]. 谢冬青,周成骥. 现代信息科技 . 2017(06)

基于词袋模型聚类的异常流量识别方法 [J]. 马林进,万良,马绍菊,杨婷. 计算机工程 . 2017(05)

基于Web客户端行为的统计异常检测方法研究 [D]. 刘海峰. 南京理工大学 2011

Interpreting TF-IDF term weights as making relevance decisions [J] . Ho Chung Wu,Robert Wing Pong Luk,Kam Fai Wong,Kui Lam Kwok. ACM Transactions on Information Systems （TOIS） . 2008 (3)

Internet traffic classification using bayesian analysis techniques [J] . Andrew W. Moore,Denis Zuev. ACM SIGMETRICS Performance Evaluation Review . 2005 (1)

Views

131

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Research and application of automatic load balancing method based on machine learning

Practice of machine learning in data analysis

Network quality of experience evaluation based on machine learning

Research on operators’ anti-fraud technology

Research and application of intelligent operation and maintenance（AIOps）under China Unicom distributed architecture

Related Author

张之栋

高瑜鸿

李连本

杜犇

刘兴旭

幸锋

郭莉

何凌

Related Institution

中国移动通信集团陕西有限公司

中国移动通信集团设计院有限公司陕西分公司

中国移动通信集团设计院有限公司

中国移动通信集团云南有限公司

中国移动通信集团广东有限公司

AI问答

Postal code：100079
Tel：（010）53879206 Email：tmw@bjxintong.com.cn
Technical support is provided by Beijing Founder electronics co., LTD 京ICP备09082226号-64 京公网安备11010602201714号
It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.

⁰