ارائه یک مدل تحلیل رفتار مرورگری برای تشخیص روبات‌های وب مخرب در حملات منع خدمت توزیعی

نویسندگان

1 علم و صنعت ایران

2 دانشگاه علم و صنعت ایران

3 دانشیار، دانشکده مهندسی کامپیوتر، دانشگاه علم و صنعت ایران

چکیده

حملات منع خدمت توزیعی، یکی از مهم‌ترین تهدیدات دنیای تجارت الکترونیکی بوده و هدف اصلی آن جلوگیری از دسترسی کاربران به سایت‌ها و منابع اینترنتی از طریق مصرف بیش از حد منابع است. در این حملات، مؤلفه امنیتی دسترس‌پذیری، هدف تهاجم قرار می‌گیرد. یکی از روش‌های نیل به این هدف، به‌کارگیری روبات‌های وب است که حمله‌گران با استفاده از این روبات‌های مخرب، حملات منع خدمت در لایه کاربرد را طراحی و اجرا می‌نمایند. برای تشخیص این‌گونه روبات‌های مخرب از سایر روبات‌های غیرمخرب، از روش‌های گوناگونی استفاده شده است. یکی از روش‌هایی که در سال‌های اخیر مورد توجه قرار گرفته، یادگیری ماشین و داده‌کاوی است. محور اصلی این روش‌ها، استخراج و انتخاب خصیصه‌های مناسب جلسات وب از داده‌های ثبت رویداد و به‌کارگیری الگوریتم‌های داده‌کاوی است. این تحقیق سعی دارد تا با توجه به پویایی و سفارشی بودن طراحی و اجرای حملات منع خدمت توزیعی برای هر سایت، یک ساز وکار دفاعی پویا با قابلیت سفارشی‌سازی برای تشخیص روبات‌های وب مخرب مشارکت‌کننده در حملات، با استفاده از تحلیل رفتار مرورگری آن‌ها ارائه دهد. در این مطالعه، ضمن بهینه‌سازی روش‌های قبلی تعیین جلسات وب، استخراج مجموعه خصیصه‌ها براساس ویژگی‌های حملات دی‌داس انجام گرفت. همچنین پالایش خصیصه‌های استخراجی و انتخاب مجموعه خصیصه‌های کارا، باعث کاهش زمان ساخت مدل گردید و در نتیجه، دو درصد افزایش کارایی در مقایسه با بهترین تحقیق مشابه به دست آمد.

کلیدواژه‌ها


C. Wilson, “Botnets, cyber crime, and cyber terrorism: Vulnerabilities and policy issues for congress,” Washington, DC, 2008.
D. Doran and S. S. Gokhale, “Web robot detection techniques: overview and limitations,” Data Min. Knowl. Disc., vol. 22, no. 1-2, pp. 183-210, 2011.
T. Kabe and M. Miyazaki, “Determining WWW user-agents from server access log,” in Proceedings of seventh international conference on parallel and distributed systems, 2000.
P. Huntington, D. Nicholas, and H. R. Jamali, “Web robot detection in the scholarly information environment,” Journal of Information Science, vol. 34, no. 5, pp. 726-741, 2008.
N. Geens, J. Huysmans, and J. Vanthienen, “Evaluation of Web robot discovery techniques: a benchmarking study,” Lecture notes in computer science, vol. 4065, no. 1, pp. 121-130, 2006.
W. Guo, S. Ju, and Y. Gu, “Web robot detection techniques based on statistics of their requested URL resources,” in Proceedings of ninth international conference on computer supported cooperative work in design, 2005.
O. M. Duskin and D. G. Feitelson, “Distinguishing humans from robots in web search logs: preliminary results using query rates and intervals,” in Proceedings of 2009 workshop on Web Search Click Data, 2009.
X. Lin, L. Quan, and H. Wu, “An Automatic Scheme to Categorize User Sessions in Modern HTTP Traffic,” in Proceedings of IEEE global telecommunications conference, 2008.
P. N. Tan and V. Kumar, “Discovery of Web Robot Sessions Based on their Navigational Patterns,” Data Mining and Knowledge Discovery, vol. 6, no. 1, pp. 9-35, 2002.
C. Bomhardt, W. Gaul, and L. Schmidt-Thieme, “Web Robot Detection - Preprocessing Web Log Files for Robot Detection,” New Developments in Classification and Data Analysis, vol. 1, no. 1, pp. 113-124, 2006.
A. Stassopoulou and M. D. Dikaiakos, “Web robot detection - A probabilistic reasoning approach,” Computer Networks, vol. 53, no. 3, pp. 265-278, 2009.
W.-Z. Lu and S.-Z. Yu, “Web Robot Detection Based on Hidden Markov Model,” in Proceedings of international conference on communications, circuits and systems, 2006.
D. Stevanovic, A. An, and N. Vlajic, “Feature evaluation for web crawler detection with data mining techniques,” Expert Systems with Applications, vol. 39, no. 10, pp. 8707-8717, 2012.
D. Stevanovic, N. Vlajic, and A. An, “Detection of malicious and non-malicious website visitors using unsupervised neural network learning,” Applied Soft Computing, vol. 13, no. 1, pp. 698–708, 2013.
L. V. Ahn and et al., “CAPTCHA: Using Hard AIP Problems for Security,” in Proceedings of Eurocrypt, 2003.
K. Park and et al., “Securing Web Service by Automatic Robot Detection,” in Proceedings of the annual conference on USENIX ’06 annual technical conference, 2006.
D. Stevanovic and N. Vlajic, “An Integrated Approach to Defence Against Degrading Application-Layer DDoS Attacks,” Toronto, Canada, 2013.
H. Liu and V. Keselj, “Combined mining of Web server logs and web contents or classifying user navigation patterns and predicting users’ future requests,” Data & Knowledge Engineering, vol. 61, no. 2, pp. 304–330, 2007.
2015. [Online]. Available: http://www.botsvsbrowsers.com/.
2015. [Online]. Available: http://www.user-agents.org/.
2015. [Online]. Available: http://www.useragentstring.com/.
K. Selvakuberan, M. Indradevi, and R. Rajaram, “Combined Feature Selection and classification – A novel approach for the categorization of web pages,” Journal of Information and Computing Science, vol. 3, no. 2, pp. 83-89, 2008.
L. Yu and H. Liu, “Feature Selection for High-Dimensional Data: A Fast Correlation-Based Filter Solution,” in Proceedings of the Twentieth International Conference on Machine Learning (ICML), Washington DC, 2003.
M. Aggarwal and Amrita, “Performance Analysis of Different Feature Selection Methods In Intrusion Detection,” International Journal of Scientific & Technology Research, vol. 2, no. 6, pp. 255-231, June 2013.
I. H. Witten, E. Frank, and M. A. Hall, “Data Mining: Practical Machine Learning Tools and Techniques,” Burlington: Morgan Kaufmann - Elsevier, 2011.
P. N. Tan, M. Steinbach, and V. Kumar, “Introduction to Data Mining,” Pearson Education, Inc., 2006.
“Denial of Service Attacks,” [Online]. Available: http://www.cert.org/tech_tips/denial_of_service.html.
C. M. Patel, “Survey On Taxonomy of DDoS Attacks With Impact And Mitigation Techniques,” International Journal of Engineering Research & Technology (IJERT), vol. 2, no. 9, pp. 1-8, 2012.
C. Douligeris and A. Mitrokotsa, “DDoS attacks and defense mechanisms: classification and state-of-the-art,” Computer Networks, vol. 44, pp. 643-666, 2004.
“Trends in Denial of Service Technology,” [Online]. Available: http://www.cert.org/archive/pdf/DoS_trends.pdf.
H.-V. Nguyen and Y. Choi, “Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDoS Framework,” International Journal of Electrical and Electronics Engineering, vol. 4, no. 4, pp. 247-252, 2010.
K. Lee and et al., “DDoS Attack Detection Method Using Cluster Analysis,” Expert Systems with Applications, vol. 34, no. 3, pp. 1659-1665, 2008.
J. Mirkovic and P. Reiher, “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 2, pp. 39-53, 2004.
P. Zaroo, “A Survey of DDoS attacks and some DDoS defense mechanisms,” Advanced Information Assurance (CS 626), 2002.
C. Wilson, “Botnets, cybercrime, and cyberterrorism: Vulnerabilities and policy issues for congress,” Washington, DC, 2008.
J. Mirkovic, J. Martin, and P. Reiher, “A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms,” Los Angeles, 2002.
T. Peng, L. Christopher, and K. Ramamohanarao, “Survey of network-based defense mechanisms countering the DoS and DDoS problems,” ACM Computing Survey, vol. 39, no. 1, pp. 1-42, 2007.
K. Arora, K. Kumar, and M. Sachdeva, “Impact Analysis of Recent DDoS Attacks,” International Journal on Computer Science and Engineering (IJCSE), vol. 3, no. 2, pp. 877-884, 2011.
M. H. Bhuyan and et al., “Detecting Distributed Denial of Service Attacks: Methods, Tools and Future Directions,” The Computer Journal, 2012.
S. Noel, D. Wijesekera, and C. Youman, “Modern Intrusion Detection, Data Mining, and Degrees of Attack Guilt,” in Applications of Data Mining in Computer Security, George Mason, Kluwer Academic Publishers, pp. 1-31, 2003.
P. M. HallamBaker and B. Behlendorf, 2015. [Online]. Available: http://www.w3.org/TR/WDlogfile.html.
J. Lee and et al., “Classification of web robots: An empirical study based on over one billion requests,” computers & security, vol. 28, pp. 795–802, 2009.
Z. Chen and W. Feng, “Detecting Impolite Crawler by using Time Series Analysis,” in IEEE 25th International Conference on Tools with Artificial Intelligence (ICTAI), pp. 123-126, 2013.
X. Sun and et al., “Feature selection using dynamic weights for classification,” Knowledge-Based Systems, vol. 37, no.1, pp. 541–549, 2013.