摘要
随着现代信息技术的飞速发展,多年来,注入漏洞一直是开放Web应用程序安全项目前10名的首位,并且是针对Web应用程序最具破坏性和被广泛利用的漏洞类型之一。由于攻击负载的异构性、攻击方法的多样性和攻击模式的多样性,结构化查询语言(SQL)注入攻击检测仍然是一个具有挑战性的问题。目前,市面上主流的SQL注入检测工具大多基于既定规则,无法应对不断变化的挑战。对此,论文提出一种深度学习方法,使用上下文嵌入模型(BERT)进行数据集特征提取,然后使用BiLSTM的序列建模能力进一步处理序列数据,捕捉前后文的依赖关系和语义关系,最后使用注意力机制作为分类算法。实验表明,所提算法在检测性能方面有显著的改进。
With the rapid development of modern information technology,injection vulnerabilities have been at the top of the top 10 of open Web application security projects for many years,and are one of the most damaging and widely exploited types of vul-nerabilities against Web applications.Structured query language(SQL)injection attack detection is still a challenging problem due to the heterogeneity of attack loads,the diversity of attack methods and the diversity of attack modes.At present,most of the main-stream SQL injection detection tools on the market are based on established rules and cannot meet the changing challenges.In this regard,this paper proposes a deep learning method,which uses context embedding model(BERT)to extract data set features,then uses BiLSTM's sequence modeling capability to further process sequence data,capture contextual dependencies and semantic rela-tionships,and finally uses attention mechanism as a classification algorithm.Experiments show that the proposed algorithm has a re-markable improvement in detection performance.
作者
孟心炜
曾天宝
谢波
张中延
MENG Xinwei;ZENG Tianbao;XIE Bo;ZHENG Zhongyan(School of Mathematics and Statistics,Central China Normal University,Wuhan 430079;Hubei Business College,Wuhan 430079;Wuhan Institute of Digital Engineering,Wuhan 430205;School of Mechanical Engineering,Huazhong University of Science and Technology,Wuhan 430074)
出处
《计算机与数字工程》
2024年第10期3037-3041,3078,共6页
Computer & Digital Engineering
