Web Application Security Using a Combination of One-Class Classifiers

Authors

1 Master of Computer Engineering, Faculty of Command and Control, Malik Ashtar University of Technology, Tehran, Iran

2 Associate Professor, Faculty of Command and Control, Malik Ashtar University of Technology, Tehran, Iran

Abstract

An important part of the country's defensive readiness under asymmetric threats is the adoption of passive defense strategies to detect enemy cyber attacks on the country's centers of gravity and to raise the threshold of national resistance. Web applications used in sensitive and confidential settings are constantly exposed to numerous security threats. Anomaly detection is an approach that focuses on new and unknown attacks. This paper proposes a method for anomaly detection in web applications using a combination of one-class classifiers. In the training phase, the feature vectors extracted for each HTTP request enter the system and each classifier learns the model of a normal request; then, using different methods of combining one-class classifiers, the model of a normal HTTP request is learned once more. To combine the classifiers, different combination strategies are used for group decision making. The use of group decision making has clearly improved the performance measures of the anomaly detection system.

Keywords


Article Title [English]

Web-based Military Management Systems Security Using Combination of One-class Classifiers

Authors [English]

  • Amineh Jamali Fard 1
  • Hossein Shirazi 2
1 Master of Computer Engineering, School of Command and Control, Malik Ashtar University of Technology, Tehran, Iran
2 Associate Professor, Faculty of Command and Control, Malik Ashtar University of Technology, Tehran, Iran
Abstract [English]

Cyber attacks against web-based military command systems are very common in the age of electronic warfare. The web application is one of the most widely used tools on the World Wide Web. Because of its dynamic nature, it is vulnerable to serious security risks. Security considerations for web-based command and control systems are very important for modern military managers. Anomaly-based intrusion detection is an approach that focuses on new and unknown attacks.

A method for anomaly detection in web applications using a combination of one-class classifiers is proposed. First, in the preprocessing phase, normal HTTP traffic is logged and a feature vector is extracted from each HTTP request. The proposed method consists of two steps. In the training phase, the extracted feature vectors associated with each request enter the system, and the model of normal requests is learned using a combination of one-class classifiers. In the detection phase, anomaly detection is performed on the feature vector of each HTTP request using the model learned in the training phase. The S-OWA operator is used to combine the one-class classifiers. The data used for training and testing are from the CSIC2012 dataset. The detection rate and false alarm rate obtained from the experiments show better results than other methods.
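
An added example, not the paper's code: a sketch of the two phases described in the abstract, with three stand-in one-class detectors fitted on normal requests only and fused by the S-OWA operator in its standard and-like/or-like form (weight times the minimum or maximum score, plus the remaining weight times the mean). The features, the detectors, the weight, the threshold and the sample vectors are all assumptions constructed for illustration.

```python
import math
from statistics import mean, pstdev

# Constructed feature vectors for normal HTTP requests. Assumed features:
# (query-string length, non-alphanumeric character count, parameter count).
NORMAL = [(24, 3, 2), (31, 4, 3), (18, 2, 1), (27, 3, 2), (35, 5, 3), (22, 3, 2)]

def _scaler(train):
    """Return a function that z-scores a vector with the training statistics."""
    mu = [mean(c) for c in zip(*train)]
    sd = [pstdev(c) or 1.0 for c in zip(*train)]  # guard constant features
    return lambda x: [(v - m) / s for v, m, s in zip(x, mu, sd)]

# Three stand-in one-class detectors. Each is fitted on normal traffic only
# and returns a normality score in [0, 1] (1 = looks like training data).
def fit_centroid(train):
    z = _scaler(train)  # the centroid is the origin after scaling
    return lambda x: math.exp(-math.hypot(*z(x)) / len(x))

def fit_nearest(train):
    z = _scaler(train)
    pts = [z(t) for t in train]
    return lambda x: math.exp(-min(math.dist(z(x), p) for p in pts))

def fit_range(train):
    lo = [min(c) for c in zip(*train)]
    hi = [max(c) for c in zip(*train)]
    return lambda x: sum(l <= v <= h for v, l, h in zip(x, lo, hi)) / len(x)

def s_owa(scores, weight, kind="and"):
    """S-OWA: weight * extreme + (1 - weight) * mean of the scores.
    kind="and" takes the minimum (strict), kind="or" the maximum (lenient)."""
    if kind not in ("and", "or") or not 0.0 <= weight <= 1.0:
        raise ValueError("kind must be 'and' or 'or', weight in [0, 1]")
    extreme = min(scores) if kind == "and" else max(scores)
    return weight * extreme + (1 - weight) * mean(scores)

def train(normal):
    return [fit(normal) for fit in (fit_centroid, fit_nearest, fit_range)]

def is_anomalous(models, x, weight=0.5, threshold=0.4, kind="and"):
    """Flag a request whose combined normality score is below the threshold."""
    return s_owa([m(x) for m in models], weight, kind) < threshold

if __name__ == "__main__":
    models = train(NORMAL)
    for req in [(26, 3, 2), (44, 3, 2), (140, 37, 2)]:
        print(req, {k: is_anomalous(models, req, kind=k) for k in ("and", "or")})
```

The borderline vector (44, 3, 2) is flagged under the and-like form but passes under the or-like form, which is the detection-rate versus false-alarm trade-off the combination weight controls.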

Keywords [English]

  • Military Management
  • Web-Applications
  • Intrusion Detection
  • Combination of One-class Classifiers
  • S-OWA Operator