MACHINE LEARNING IMPLEMENTATION FOR THE CLASSIFICATION OF ATTACKS ON WEB SYSTEMS. PART 2
by: K. Smirnova, A. Smirnov, V. Plotnikov
| Format: | Article |
|---|---|
| Published: | Odessa National Academy of Food Technologies 2017-11-01 |
Description
The possibility of applying machine learning to the classification of malicious requests to a Web application is considered. This approach excludes the use of deterministic analysis systems (for example, expert systems) and is based on a cascade of neural networks or perceptrons as an approximate model of the real human brain. The main idea of the work is to make it possible to describe complex attack vectors consisting of feature sets and abstract terms for compiling a training sample, and to control the quality of recognition and classification for each of the layers (networks) participating in the work, with the ability to adjust not the entire network but only the small part of it whose training contained a mistake or inaccuracy. The design of the developed network can be described as a cascaded, scalable neural network.

When neural networks are used to detect attacks on web systems, the issue of vectorization and normalization of features is acute. The most commonly used methods for solving these problems are not designed for the case of deliberate distortion of the signs of an attack.

The proposed approach makes it possible to obtain a neural network that has been trained in more detail on small features, and also to eliminate the normalization issues in order to prevent deliberate bypassing of the intrusion detection system. By isolating one more group of neurons in the network and training it on samples containing various ways of circumventing the attack classification, the developed intrusion detection system remains able to classify any types of attacks as well as their aggregates, putting forward more stringent measures to counteract attacks. This makes it possible to follow the life cycle of the attack in more detail, from the initial trial attack to deliberate, sophisticated attempts to bypass the system, and to introduce more decisive measures to actively counteract the attack, eliminating the chance of a false alarm.