基于时序网络的SQL注入攻击检测技术  

SQL Injection Attack Detection Technology Based on Timing Network

在线阅读下载全文

作  者:孟心炜 曾天宝 谢波 张中延 MENG Xinwei;ZENG Tianbao;XIE Bo;ZHENG Zhongyan(School of Mathematics and Statistics,Central China Normal University,Wuhan 430079;Hubei Business College,Wuhan 430079;Wuhan Institute of Digital Engineering,Wuhan 430205;School of Mechanical Engineering,Huazhong University of Science and Technology,Wuhan 430074)

机构地区:[1]华中师范大学数统学院,武汉430079 [2]湖北商贸学院,武汉430079 [3]武汉数字工程研究所,武汉430205 [4]华中科技大学机械学院,武汉430074

出  处:《计算机与数字工程》2024年第10期3037-3041,3078,共6页Computer & Digital Engineering

摘  要:随着现代信息技术的飞速发展,多年来,注入漏洞一直是开放Web应用程序安全项目前10名的首位,并且是针对Web应用程序最具破坏性和被广泛利用的漏洞类型之一。由于攻击负载的异构性、攻击方法的多样性和攻击模式的多样性,结构化查询语言(SQL)注入攻击检测仍然是一个具有挑战性的问题。目前,市面上主流的SQL注入检测工具大多基于既定规则,无法应对不断变化的挑战。对此,论文提出一种深度学习方法,使用上下文嵌入模型(BERT)进行数据集特征提取,然后使用BiLSTM的序列建模能力进一步处理序列数据,捕捉前后文的依赖关系和语义关系,最后使用注意力机制作为分类算法。实验表明,所提算法在检测性能方面有显著的改进。With the rapid development of modern information technology,injection vulnerabilities have been at the top of the top 10 of open Web application security projects for many years,and are one of the most damaging and widely exploited types of vul-nerabilities against Web applications.Structured query language(SQL)injection attack detection is still a challenging problem due to the heterogeneity of attack loads,the diversity of attack methods and the diversity of attack modes.At present,most of the main-stream SQL injection detection tools on the market are based on established rules and cannot meet the changing challenges.In this regard,this paper proposes a deep learning method,which uses context embedding model(BERT)to extract data set features,then uses BiLSTM's sequence modeling capability to further process sequence data,capture contextual dependencies and semantic rela-tionships,and finally uses attention mechanism as a classification algorithm.Experiments show that the proposed algorithm has a re-markable improvement in detection performance.

关 键 词:深度学习 SQL注入攻击 BERT 注意力机制 

分 类 号:TP391.1[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象