Research on lightweight web intrusion active defense key technology and visual measurement model based on dynamic ip black list

Abstract

In view of the existing passive detection and prevention methods and lack of commercial products are expensive and complex deployment problem of a simple and fast active defense technology of WEB dynamic real-time active defense, in order to solve the problem of attack and defense for WEB server. Firstly, based on reverse proxy massive WAF logs, the mathematical model of user access behavior is established, and the behavior characteristics of malicious WEB attacks are studied through data mining analysis. Then, a threat factor algorithm and a dynamic IP blacklist generation algorithm are designed based on these features and a custom rule base. Finally, based on visual measurement model, D3 WEB visualization technology is used to monitor and measure WEB intrusion. The technology reduces the false alarm and false positive rate of active defense, improves the defense effect and execution efficiency, and ensures the quality of normal network communication.