轻量级词典协同记忆聚焦处理的Web攻击检测研究

Research on Web attack detection based on lightweight vocabulary cooperative memory focus processing

使用深度学习模型检测Web攻击,输入完整的HTTP文本会使词典增大,进而导致模型参数过载,增加存储成本。此外,攻击载荷的位置不确定性及语义复杂性会导致漏报率高。针对模型参数过载和漏报攻击载荷问题,提出了一种基于轻量级词典协同记忆聚焦处理模型的Web攻击检测方法。生成轻量级词典,结合轻量级词典的预处理规则,依次执行保留、替换、添加、丢弃等操作预处理HTTP文本,减轻参数过载问题。结合基于双向长短时记忆和多头注意力机制的记忆聚焦处理模型,提高记忆能力和对攻击载荷的聚焦处理能力以降低漏报率。在模拟数据集上新方法的准确率为98.66%,比URL_WORD+GRU提高了3.19百分点,在检测的攻击类型中,最低的漏报率为0.60%。实验结果表明:新方法能有效解决参数过载问题,提高检测准确率,同时降低漏报率。

A deep learning model is used to detect Web attacks and full HTTP texts are input to make the vocabulary larger,which causes model parameter overloads and increases storage costs.In addition,location uncertainty and semantic complexity of the attack payloads lead to a higher missing alarm rate.To solve the problems of model parameter overloads and missing attack payloads,this paper proposes a Web attack detection method based on the lightweight vocabulary cooperative memory focus processing model.Firstly,this novel method generates a lightweight vocabulary.Secondly,in combination with the preprocessing rules of the lightweight vocabulary,it preprocesses the HTTP texts according to the preprocessing rules likes aving,replacement,addition and discarding to reduce parameter overloads.Finally,this method uses a memory focus processing model based on bidirectional long and short term memory and the multi-head attention mechanism,which improves the memory ability and the focus processing ability of the attack loads to reduce the missing alarm rate.In the Simulation Dataset,the accuracy rate of this novel method is 98.66%,which is 3.19%higher than that of URL_WORD+GRU.Among the detected attack types,the lowest missing alarm rate is 0.60%.The experimental results demonstrate that the novel method can effectively alleviateparameter overloads,improve the detection accuracy and reduce the missing alarm rate.