A Web Attack Detection Method Based on Convolutional Gated Recurrent Neural Network (cited by: 5)


Authors: ZHOU Qiao (周桥); ZHAI Jiangtao (翟江涛); JIA Dongsheng (荚东升); SUN Haoxiang (孙浩翔) (School of Electronics and Engineering, Nanjing University of Information Science and Technology, Nanjing, Jiangsu 210044, China)

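Affiliation: [1] School of Electronics and Information Engineering, Nanjing University of Information Science and Technology, Nanjing, Jiangsu 210044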

Source: Journal of Guangxi Normal University: Natural Science Edition, 2023, Issue 6, pp. 51-61 (11 pages)

Funding: National Natural Science Foundation of China (61931004, 62072250); National Key Research and Development Program of China (2021QY0700).

Abstract: Attacks against Web applications have long been a focal point of confrontation in cyberspace. As Web attack techniques continue to develop, traditional intrusion detection systems and Web application firewalls are increasingly unable to meet security protection needs. To address the Web attacks that attackers construct by embedding executable code or injecting malicious code into Web requests, this paper designs a Convolutional Gated Recurrent Unit (CGRU) neural network, based on feature fusion, for detecting malicious Web requests. The network uses a CNN to capture the local and high-order features of network events, abandons traditional pooling methods, and uses a GRU in place of the original pooling layer to collect features along the time dimension. To improve detection performance, nine statistical features that classify well in Web attack detection with traditional machine learning are selected to augment the original features. In addition, a Word2Vec model is used to pretrain the word embedding matrix and obtain the input to the CGRU model, and the final results are classified, which effectively improves multi-class accuracy. In comparison experiments against current typical methods on the public HTTP CSIC 2010 dataset, the proposed method achieves an accuracy of 99.81%, a recall of 99.78%, an F1 score of 98.80%, and a precision of 99.81%, all improvements over the current typical methods.

Keywords: network attack; Web attack detection; neural network; gated recurrent unit; feature fusion

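Classification numbers: TP393.08 [Automation and Computer Technology: Computer Application Technology]; TP183 [Automation and Computer Technology: Computer Science and Technology]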

 
