Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (24): 148-152.

Previous Articles     Next Articles

Application of dendritic cell algorithm on Web server anomaly detection

WANG Xinxin, LIANG Yiwen   

  1. School of Computer, Wuhan University, Wuhan 430072, China
  • Online:2016-12-15 Published:2016-12-20

树突状细胞算法在Web服务器异常检测中的应用

王新新,梁意文   

  1. 武汉大学 计算机学院,武汉 430072

Abstract: Web server often suffers attack or heavy load into the abnormal state and is unable to respond to user requests. To solve the problem of low accuracy for anomaly detection methods, this paper introduces the DCA in the Web server’s anomaly detection, establishes the multi-level indicator system of server operation status, then gives the indicator system to the antigen, danger signals and security signals mapping definitions and describes the Web server anomaly detection method. Comparative experiments show that this method compared with the traditional statistical methods and K-means clustering method, possesses the advantages of high accuracy, low rate of false positives, and can effectively detect abnormal Web server.

Key words: server security, anomaly detection, Dendritic Cells Algorithm(DCA), indicator system

摘要: Web服务器常因遭受攻击或负载过大进入异常状态,无法响应用户请求。为解决已有异常检测方法准确率较低的问题,将DCA引入Web服务器的异常检测,建立Web服务器运行状态的多层次指标体系,给出指标体系针对抗原、危险信号及安全信号的映射定义,描述了Web服务器异常检测的方法。对比实验表明该方法较传统的统计学方法及K-means聚类方法,具有准确率高、误报率低的优点,能够有效检测Web服务器异常。

关键词: 服务器安全, 异常检测, 树突状细胞算法(DCA), 指标体系