Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (5): 440-446.

The Method and Practice of Smart and Precise Detection of Cyber Attacks

  • Received: 2018-05-17   Online: 2018-05-15   Published: 2018-05-18

Chinese title: 网络攻击的智能精准检测方法与实践 (The Method and Practice of Smart and Precise Detection of Cyber Attacks)

Authors: 林榆坚 (Lin Yujian), 梁宁波 (Liang Ningbo)

  1. Beijing AISec (北京安赛创想科技有限公司)
  • Corresponding author: 林榆坚 (Lin Yujian)
  • About the authors: 林榆坚 (Lin Yujian) is the founder and CEO of AISec; his research interests are Web application security, cyberspace security and AI security. 梁宁波 (Liang Ningbo) is a solutions manager at AISec; his research interest is information security.

Abstract: With the fastevolving cyber threat landscape, how to transform the limited signaturebased preventing and detecting method to defend against the everchanging cyber attacks has become the priority of cybersecurity defense in the new era. The only effective way to combat cyber attacks lies in the improved detection, monitoring and traceability of attackers. Beijing AISec proposes the correation analysis detection by intelligent algorithms, which based on the Netflow and sFlow protocol field fusion. This method firstly overcomes the disadvantages of the data limitation of a singular network protocol, and reduces the network data storage capacity and the running hosts CPU load rate. Secondly, by utilizing the intelligent algorithms, precise detection of attacking behaviors become realized. Lastly, by applying the concepts of Web application attack lifecycle, the detection result is able to be visualized explicitly.

Key words: Web application attack lifecycle, correlation analysis, association rules, network flow techniques, Web application security, big data

Abstract (translated from the Chinese): Under the new cybersecurity situation, how to change the state of affairs in which unpredictable cyber attacks are resisted with a limited signature database has become the central theme of security defense in the new era. Improving the ability to detect, monitor and trace the faint traces left by attackers is currently the only way forward. To obtain high detection, monitoring and traceability capability, AISec proposes correlation-analysis detection using a set of intelligent algorithms, on the premise of fusing the fields of the two protocols NetFlow and sFlow. The method first overcomes the data limitations of a single network protocol and reduces the volume of network data stored and the CPU load of the hosts running it; second, it applies the set of intelligent algorithms to identify attack behaviour precisely; finally, it uses the concept of the Web application attack lifecycle to present the detection results clearly.

Keywords (translated from the Chinese): Web application attack lifecycle, correlation analysis, association rules, network flow techniques, Web application security, big data
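The abstract describes three steps (fuse NetFlow and sFlow fields into one record set, run correlation rules over it, map hits onto a Web application attack lifecycle) without giving the algorithms. The following is an added example, not code from the paper or from AISec, that shows one concrete shape such a pipeline can take. Everything in it is an assumption for illustration: the NetFlow v5-style and sFlow-style field names, the merge window `gap`, the thresholds `scan_ports`, `web_hits` and `exfil_bytes`, the stage names, and the constructed sample records (no real traffic). The one design point worth taking from it is in `_merge`: sFlow counters are sampling estimates, so when both exporters see the same flow the NetFlow counters replace them rather than being added, otherwise fusion double-counts traffic.

```python
"""Fuse NetFlow v5-style and sFlow-style records into one flow table, then run
correlation rules over it and tag each hit with an attack-lifecycle stage.
Illustrative example: field names, thresholds, stage names and sample data are
assumptions of this example, not the paper's algorithm or data."""
from collections import defaultdict
from dataclasses import dataclass

TCP = 6
SYN, ACK = 0x02, 0x10            # TCP flag bits as exported in NetFlow v5 tcp_flags
WEB_PORTS = {80, 443}


@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    packets: int
    bytes: int
    flags: int                   # cumulative TCP flags seen on the flow
    first: int                   # epoch seconds
    last: int
    source: str                  # "netflow" or "sflow"

    @property
    def key(self):
        return (self.src, self.dst, self.sport, self.dport, self.proto)


def from_netflow(r):
    """NetFlow v5-style record: exact per-flow counters and cumulative TCP flags."""
    return Flow(r["srcaddr"], r["dstaddr"], r["srcport"], r["dstport"], r["prot"],
                r["dPkts"], r["dOctets"], r["tcp_flags"], r["first"], r["last"], "netflow")


def from_sflow(s):
    """sFlow flow sample: one sampled packet, counters scaled up by the sampling rate."""
    rate = s["sampling_rate"]
    return Flow(s["src_ip"], s["dst_ip"], s["src_port"], s["dst_port"], s["proto"],
                rate, s["frame_length"] * rate, s["tcp_flags"], s["time"], s["time"], "sflow")


def _merge(cur, new):
    """Fold `new` into `cur` (same 5-tuple, within the gap). NetFlow counters are
    authoritative: an sFlow estimate is kept only until a NetFlow record for the
    same flow arrives, so packets seen by both exporters are never counted twice."""
    if cur.source == new.source:
        cur.packets += new.packets
        cur.bytes += new.bytes
    elif new.source == "netflow":
        cur.packets, cur.bytes, cur.source = new.packets, new.bytes, "netflow"
    cur.flags |= new.flags       # per-packet flags from sFlow enrich the record either way
    cur.first = min(cur.first, new.first)
    cur.last = max(cur.last, new.last)


def fuse(netflow_recs, sflow_samples, gap=60):
    """Normalise both sources and merge observations of one 5-tuple that lie within
    `gap` seconds of each other into a single record (fewer rows to store and score)."""
    flows = sorted([from_netflow(r) for r in netflow_recs] +
                   [from_sflow(s) for s in sflow_samples], key=lambda f: f.first)
    fused, open_flows = [], {}
    for f in flows:
        cur = open_flows.get(f.key)
        if cur is not None and f.first - cur.last <= gap:
            _merge(cur, f)
        else:
            fused.append(f)
            open_flows[f.key] = f
    return fused


def detect(flows, scan_ports=10, web_hits=10, exfil_bytes=50_000_000):
    """Correlation rules over the fused table. Each hit is tagged with a lifecycle
    stage; the exfiltration rule fires only for a peer already flagged by an
    earlier stage, so a large transfer alone does not alert."""
    probes = defaultdict(set)    # src -> {(dst, dport)} reached with SYN but never ACK
    web = defaultdict(int)       # (src, dst) -> number of flows to a web port
    for f in flows:
        if f.proto == TCP and f.flags & SYN and not f.flags & ACK:
            probes[f.src].add((f.dst, f.dport))
        if f.proto == TCP and f.dport in WEB_PORTS:
            web[(f.src, f.dst)] += 1
    alerts, suspects = [], set()
    for src, targets in probes.items():
        if len(targets) >= scan_ports:
            alerts.append(("reconnaissance", src, f"{len(targets)} SYN-only probes"))
            suspects.add(src)
    for (src, dst), n in web.items():
        if n >= web_hits:
            alerts.append(("web attack", src, f"{n} sessions to {dst} web ports"))
            suspects.add(src)
    for f in flows:
        if f.sport in WEB_PORTS and f.dst in suspects and f.bytes >= exfil_bytes:
            alerts.append(("exfiltration", f.dst, f"{f.bytes} bytes from {f.src}:{f.sport}"))
    return alerts


# Constructed sample data (not real traffic): one host port-scans a web server
# (seen only as 1-in-100 sFlow samples), then opens many short port-80 sessions
# (exported by NetFlow), then pulls a large response back. One sFlow sample of a
# session NetFlow also exports is included to show the no-double-count merge.
ATTACKER, SERVER, T0 = "203.0.113.5", "198.51.100.10", 1_526_540_000
SFLOW = [dict(sampling_rate=100, src_ip=ATTACKER, dst_ip=SERVER, src_port=40000 + i,
              dst_port=p, proto=TCP, tcp_flags=SYN, frame_length=74, time=T0 + i)
         for i, p in enumerate(range(21, 36))]
SFLOW.append(dict(sampling_rate=100, src_ip=ATTACKER, dst_ip=SERVER, src_port=50001,
                  dst_port=80, proto=TCP, tcp_flags=SYN, frame_length=74, time=T0 + 100))
NETFLOW = [dict(srcaddr=ATTACKER, dstaddr=SERVER, srcport=50000 + i, dstport=80, prot=TCP,
                dPkts=12, dOctets=1800, tcp_flags=SYN | ACK, first=T0 + 100 + i, last=T0 + 101 + i)
           for i in range(12)]
NETFLOW.append(dict(srcaddr=SERVER, dstaddr=ATTACKER, srcport=80, dstport=50011, prot=TCP,
                    dPkts=60_000, dOctets=80_000_000, tcp_flags=SYN | ACK, first=T0 + 111, last=T0 + 400))
```

Running `detect(fuse(NETFLOW, SFLOW))` on the constructed data folds 29 raw records into 28 flows and returns three alerts for 203.0.113.5, in lifecycle order: reconnaissance, web attack, exfiltration. Two caveats a practitioner should keep in mind: flow records carry no HTTP payload, so stages that depend on request content (injection, authentication bypass) cannot be separated from a volume burst by flow data alone; and the recon rule keys on SYN-without-ACK, which a NetFlow exporter only reports faithfully if it exports cumulative flags, so the sFlow per-packet flags are what make the rule reliable here.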