轻量级词典协同记忆聚焦处理的Web攻击检测研究  被引量：1

作　　者：刘拥民[1,2] 黄浩 石婷婷 欧阳金怡[1,2] 刘翰林 谢铁强 LIU Yongmin;HUANG Hao;SHI Tingting;OUYANG Jinyi;LIU Hanlin;XIE Tieqiang(College of Computer and Information Engineering,Central South University of Forestry and Technology,Changsha 410004,China;Cloud Research Center of Smart Forestry,Central South University of Forestry and Technology,Changsha 410004,China)

机构地区：[1]中南林业科技大学计算机与信息工程学院,长沙410004 [2]中南林业科技大学智慧林业云研究中心,长沙410004

出　　处：《重庆理工大学学报（自然科学）》2023年第3期172-182,共11页Journal of Chongqing University of Technology：Natural Science

基　　金：国家自然科学基金项目(31870532);湖南省自然科学基金项目(2021JJ31163);湖南省教育科学“十三五”规划基金项目(XJK20BGD048);湖南省教育厅科研项目(18C0679)。

摘　　要：使用深度学习模型检测Web攻击,输入完整的HTTP文本会使词典增大,进而导致模型参数过载,增加存储成本。此外,攻击载荷的位置不确定性及语义复杂性会导致漏报率高。针对模型参数过载和漏报攻击载荷问题,提出了一种基于轻量级词典协同记忆聚焦处理模型的Web攻击检测方法。生成轻量级词典,结合轻量级词典的预处理规则,依次执行保留、替换、添加、丢弃等操作预处理HTTP文本,减轻参数过载问题。结合基于双向长短时记忆和多头注意力机制的记忆聚焦处理模型,提高记忆能力和对攻击载荷的聚焦处理能力以降低漏报率。在模拟数据集上新方法的准确率为98.66%,比URL_WORD+GRU提高了3.19百分点,在检测的攻击类型中,最低的漏报率为0.60%。实验结果表明:新方法能有效解决参数过载问题,提高检测准确率,同时降低漏报率。A deep learning model is used to detect Web attacks and full HTTP texts are input to make the vocabulary larger,which causes model parameter overloads and increases storage costs.In addition,location uncertainty and semantic complexity of the attack payloads lead to a higher missing alarm rate.To solve the problems of model parameter overloads and missing attack payloads,this paper proposes a Web attack detection method based on the lightweight vocabulary cooperative memory focus processing model.Firstly,this novel method generates a lightweight vocabulary.Secondly,in combination with the preprocessing rules of the lightweight vocabulary,it preprocesses the HTTP texts according to the preprocessing rules likes aving,replacement,addition and discarding to reduce parameter overloads.Finally,this method uses a memory focus processing model based on bidirectional long and short term memory and the multi-head attention mechanism,which improves the memory ability and the focus processing ability of the attack loads to reduce the missing alarm rate.In the Simulation Dataset,the accuracy rate of this novel method is 98.66%,which is 3.19%higher than that of URL_WORD+GRU.Among the detected attack types,the lowest missing alarm rate is 0.60%.The experimental results demonstrate that the novel method can effectively alleviateparameter overloads,improve the detection accuracy and reduce the missing alarm rate.

关 键 词：Web攻击检测 文本预处理 多头注意力机制 聚焦处理 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]