Journal of Chongqing University of Technology (Natural Science) ›› 2023, Vol. 37 ›› Issue (3): 172-182.

• Information · Computer •

Research on Web Attack Detection with Lightweight Vocabulary Cooperative Memory Focus Processing

Liu Yongmin, Huang Hao, Shi Tingting

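  1. (1. College of Computer and Information Engineering, Central South University of Forestry and Technology, Changsha 410004; 2. Smart Forestry Cloud Research Center, Central South University of Forestry and Technology, Changsha 410004)
  • Publication date: 2023-04-26 Release date: 2023-04-26
  • About the author: Liu Yongmin, male, Ph.D., professor, mainly engaged in research on deep learning and network security. Email: t20040550@csuft.edu.cn.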

Research on Web attack detection based on lightweight vocabulary cooperative memory focus processing

  • Online: 2023-04-26 Published: 2023-04-26

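Abstract: When a deep learning model is used to detect Web attacks, feeding in the complete HTTP text enlarges the vocabulary, which overloads the model parameters and increases storage cost. In addition, the uncertain position and semantic complexity of attack payloads lead to a high missing alarm rate. To address parameter overload and missed attack payloads, a Web attack detection method based on a lightweight vocabulary cooperative memory focus processing model is proposed. A lightweight vocabulary is generated and, in combination with its preprocessing rules, the HTTP text is preprocessed by performing retain, replace, add and discard operations in turn, which alleviates parameter overload. A memory focus processing model based on bidirectional long short-term memory and the multi-head attention mechanism is then used to improve memory ability and the ability to focus on attack payloads, reducing the missing alarm rate. On the simulated dataset, the accuracy of the new method is 98.66%, which is 3.19 percentage points higher than URL_WORD+GRU, and among the detected attack types the lowest missing alarm rate is 0.60%. The experimental results show that the new method effectively solves the parameter overload problem, improves detection accuracy and reduces the missing alarm rate.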

Keywords: Web attack detection, text preprocessing, multi-head attention mechanism, focus processing

Abstract: When a deep learning model is used to detect Web attacks, inputting the full HTTP text enlarges the vocabulary, which causes model parameter overload and increases storage costs. In addition, the location uncertainty and semantic complexity of attack payloads lead to a higher missing alarm rate. To solve the problems of model parameter overload and missed attack payloads, this paper proposes a Web attack detection method based on the lightweight vocabulary cooperative memory focus processing model. Firstly, this novel method generates a lightweight vocabulary. Secondly, in combination with the preprocessing rules of the lightweight vocabulary, it preprocesses the HTTP texts with operations such as saving, replacement, addition and discarding to reduce parameter overload. Finally, this method uses a memory focus processing model based on bidirectional long short-term memory and the multi-head attention mechanism, which improves the memory ability and the ability to focus on attack payloads, reducing the missing alarm rate. On the simulation dataset, the accuracy rate of this novel method is 98.66%, which is 3.19% higher than that of URL_WORD+GRU. Among the detected attack types, the lowest missing alarm rate is 0.60%. The experimental results demonstrate that the novel method can effectively alleviate parameter overload, improve the detection accuracy and reduce the missing alarm rate.

CLC number:

  • TP393