摘要： 提出一种基于确定有限自动状态机(DFA)语法的网络攻击检测方法。正常的网络行为符合一定的语法规则，异常的行为会偏离正常的语法规则。通过对正常行为样本的学习得到基于DFA的语法，用学习得到的DFA模型检测针对网络服务器的应用层攻击。基于现实数据的对比实验表明该方法检测性能较好。

关键词: 网络安全, 入侵检测, 语法推断

Abstract: A DFA-based grammar model for detecting cyber attacks is proposed. Normal network behavior tends to follow regular grammar rules, while anomalies tend to deviate. The DFA-based model trained with normal network flow enables the efficient detection of cyber attacks against Web servers. The experiments based on real Web site data show its good detection performance.

Key words: network security, intrusion detection, grammar inference

中图分类号: 

• TP309