A Hybrid System for Runtime Protection inside Java Application


Authors: JIANG Hao (江昊), LIU Chengjie (刘成杰), WEN Weiping (文伟平) [1] (School of Software & Microelectronics, Peking University, Beijing 100091, China)

Affiliation: [1] School of Software and Microelectronics, Peking University, Beijing 100091, China

Source: Netinfo Security (《信息网络安全》), 2025, No. 1, pp. 134-147 (14 pages)

Funding: National Natural Science Foundation of China [61872011].

Abstract: In recent years, Runtime Application Self-Protection (RASP) has emerged as an embedded defense mechanism widely used to detect and prevent common web application attacks, such as SQL injection, cross-site scripting (XSS), and Java deserialization attacks. However, existing RASP systems often rely on blacklist-based detection, which is prone to evasion and struggles against novel threats. This paper introduces a hybrid system, HP-RASP, which combines heuristic rules and deep learning models to provide adaptive security at runtime. Notably, it incorporates a BERT model into the RASP framework to analyze and detect SQL injection attacks, while employing call-stack monitoring and blacklist matching to defend against XSS and deserialization attacks. HP-RASP uses Java instrumentation to dynamically insert monitoring logic into critical classes and methods, enabling real-time analysis of web requests. The system was evaluated on multiple open-source datasets and compared with the current mainstream RASP system, OpenRASP. Experimental results demonstrate significant improvements in detection accuracy, performance overhead, and robustness over existing approaches. For SQL injection, HP-RASP achieved an accuracy of 81.9%, 1.84 times higher than OpenRASP, with recall and F1 scores also notably surpassing OpenRASP. For XSS protection, HP-RASP achieved a 99.9% recall rate for both reflected and stored XSS attacks, and an 84.6% recall rate for deserialization attacks. HP-RASP also performed well in terms of response time and resource consumption, without significant increases in either metric.
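As an added illustration (not code from the paper or from HP-RASP itself), the Java program below shows the call-stack-monitoring-plus-blacklist pattern that the abstract describes for deserialization attacks. It uses the standard `java.io.ObjectInputFilter` hook (JEP 290, available since Java 9) as the interception point instead of bytecode instrumentation; the denylist entries, the trusted-caller package prefix `com.example.internal.`, and the two demo classes are constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Arrays;
import java.util.List;

// Added illustration, not HP-RASP's own code: a deserialization guard that combines a
// blacklist match with call-stack inspection at the hook point. The hook used here is the
// JDK's own ObjectInputFilter (JEP 290, Java 9+), which is consulted for every class the
// stream resolves, so nested objects are checked as well as the top-level one.
public class DeserializationGuard {

    // Constructed denylist for the demo (the harmless Blocked class defined below);
    // a real deployment ships a maintained list of known-dangerous class-name prefixes.
    static final List<String> DENYLIST = Arrays.asList(Blocked.class.getName());

    // Constructed allowlist of caller packages whose deserialization is trusted
    // (assumption for the example; nothing in the demo matches it, so denylist hits are rejected).
    static final List<String> TRUSTED_CALLERS = Arrays.asList("com.example.internal.");

    static boolean isDenied(String className) {
        for (String prefix : DENYLIST) {
            if (className.startsWith(prefix)) return true;
        }
        return false;
    }

    // Walks the current thread's stack and returns the first application frame above the
    // ObjectInputStream frames, i.e. the code that triggered deserialization. This is the
    // "stack monitoring" half: the decision and the alert both record who called the stream.
    static String entryPoint() {
        boolean pastStream = false;
        for (StackTraceElement f : Thread.currentThread().getStackTrace()) {
            String cls = f.getClassName();
            if (cls.startsWith("java.io.ObjectInputStream")) { pastStream = true; continue; }
            if (pastStream && !cls.startsWith("java.") && !cls.startsWith("jdk.") && !cls.startsWith("sun.")) {
                return cls + "." + f.getMethodName();
            }
        }
        return "unknown";
    }

    static boolean trusted(String entry) {
        for (String prefix : TRUSTED_CALLERS) {
            if (entry.startsWith(prefix)) return true;
        }
        return false;
    }

    // The filter itself: blacklist match first, then the stack check decides whether to block.
    static final ObjectInputFilter GUARD = info -> {
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED; // depth/array-length checks carry no class
        String name = c.getName();
        if (isDenied(name)) {
            String entry = entryPoint();
            if (!trusted(entry)) {
                System.err.println("[guard] rejected " + name + " requested via " + entry);
                return ObjectInputFilter.Status.REJECTED;
            }
        }
        return ObjectInputFilter.Status.UNDECIDED; // fall through to the JVM's default behaviour
    };

    // Deserializes with the guard attached; the JDK throws InvalidClassException on REJECTED.
    static Object readGuarded(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(GUARD);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    // Two harmless demo types: one allowed, one placed on the denylist above.
    static final class Greeting implements Serializable { private static final long serialVersionUID = 1L; String text = "hello"; }
    static final class Blocked implements Serializable { private static final long serialVersionUID = 1L; }

    public static void main(String[] args) throws Exception {
        Greeting g = (Greeting) readGuarded(serialize(new Greeting()));
        System.out.println("accepted: " + g.text);
        try {
            readGuarded(serialize(new Blocked()));
        } catch (InvalidClassException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac DeserializationGuard.java && java DeserializationGuard` on Java 9 or later. An instrumentation-based RASP such as the one the abstract describes would hook the same resolve-class step inside `ObjectInputStream` via a bytecode transformer; the decision logic (denylist match, then inspect the calling frames and record the entry point in the alert) is the part shown here.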

Keywords: RASP; BERT model; software security; Java web applications

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]
