Abstract
The SQL injection attack, widely employed by attackers, poses a significant threat to cyberspace security. Traditional detection methods for SQL injection attacks include rule-based and machine learning-based methods, which suffer from limited applicability and high false positive rates. This paper proposes a large language model-based method for detecting SQL injection attacks. By applying prompt engineering and instruction fine-tuning techniques, a specialized large language model for SQL injection attack detection is developed. Additionally, the impact of iteration rounds, the number of fine-tuning samples and inference parameters on model performance is analyzed to enhance the detection capability of large language models. Leveraging the robust semantic understanding capability of the large language model significantly reduces the false positive rate. The proposed specialized large language model for SQL injection attack detection is evaluated experimentally on the Kaggle dataset. The model achieves an accuracy rate of over 99.85%, a false alarm rate of less than 0.2%, and an F1 score of 0.999. Compared to the current state-of-the-art methods for SQL injection attack detection, the model demonstrates a significant improvement in detection performance.
Authors
黄恺杰
王剑
陈炯峄
HUANG Kaijie; WANG Jian; CHEN Jiongyi (College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China)
Source
《信息网络安全》
CSCD
Peking University Core Journals
2023, Issue 11, pp. 84-93 (10 pages)
Netinfo Security
Funding
National Natural Science Foundation of China [62302508]
Ministry of Education-China Mobile Research Fund [MCM20200103].
Keywords
SQL injection attack
attack detection
large language model
prompt engineering
instruction tuning