Unlock instant, AI-driven research and patent intelligence for your innovation.

A web attack detection method, system, medium and device

A technology for attack detection and test samples, applied in the field of Web attack detection, can solve problems such as difficult to have interpretability, samples, and labels required

Active Publication Date: 2021-10-22
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] This application provides a web attack detection method, system, medium and equipment to solve the problems in the prior art that require label samples and are difficult to have interpretability

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A web attack detection method, system, medium and device
  • A web attack detection method, system, medium and device
  • A web attack detection method, system, medium and device

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment 1

[0039] Specific embodiment one: the embodiment of the present application is realized in the following way: a kind of Web attack detection method comprises:

[0040] Step 101: constructing a reconstruction error model based on the first positive sample;

[0041] Step 201: Calculate the error matrix corresponding to the second positive sample set according to all characters of the second positive sample, and calculate the threshold T;

[0042] Step 301: According to the reconstruction error model, calculate the corresponding probability P of each character in the output test sample set nj ; Wherein, the test sample set includes n HTTP sample strings, each HTTP sample string includes j characters, n, j are positive integers greater than 0;

[0043] For example: when the HTTP sample string length is 128, then j∈[1-128];

[0044] Step 401: Obtain the probability P through the Sparsemax function xj The corresponding sparse probability value H(P xj ); According to the sparse pro...

specific Embodiment 2

[0047] Specific embodiment two: On the basis of the above, the reconstruction error model construction training process in step 301 is: build an end-to-end model based on the training set, as follows figure 2 As shown, it contains three parts: encoder (Encoder), decoder (Decoder), sparse function Sparsemax. Both Encoder and Decoder are composed of multi-layer GRU neural network. In the training phase, learn from the idea of ​​the autoencoder, keep the input and output consistent, and train the model based on the reconstruction error. For example, after the model training is completed, encode the value corresponding to an HTTP request "GET / vulnbank / online / api.php HTTP / 1.1" [46,44,59,98,80,35,34,25,27, 15,14,27,24,80,28,27,25,22,27,18,80,14,29,22,79,29,21,29,98,47,59,59,55,80, 5,79,5,3] input to the reconstruction error model, the reconstruction error model will output the probability P of the character corresponding to the test set nj .

[0048] Step 3011: Randomly initial...

Embodiment 3

[0055] Embodiment 3: Calculate the xth P for the test sample set according to the reconstruction error model xj , the P xj =P x1 +P x2 +......+P xy , P nj =P 1j +P 2j +......+P xj Among them, 0xy )j p j *logp j . The comparison curve of the two functions is as follows Figure 4 As shown, the Sparsemax function can be expressed more sparsely. Its geometric diagram is as follows Figure 5 As shown: [0.5,0.3,0.2] represents the result of the Softmax function, which means that the output probability of the character at the first position is 0.5, and the output probabilities of the following characters are 0.3 and 0.2 respectively. Similarly, [0.7,0.2,0.1] represents the result of the Sparsemax function, and [1,0,0] represents the result of the step function. It can be seen from the above schematic diagram that Sparsemax has a sparser expression than the Softmax function, and is more effective for the expression of suspicious character regions.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

This application relates to the field of Web attack detection, and relates to a method, system, medium and equipment for Web attack detection. This application includes constructing a reconstruction error model based on the first positive sample; calculating the error matrix corresponding to the second positive sample set according to all characters of the second positive sample, and calculating the threshold T; according to the reconstruction error model, calculating the output test sample set The corresponding probability P of each character nj ; Through the Sparsemax function, the probability P is obtained nj The corresponding sparse probability value H(P nj ); According to the sparse probability value, corresponding to the xth HTTP sample string sample loss Loss in the test sample set xj ; when Loss xj >T, the xth HTTP sample string in the test sample set is abnormal. Based on the idea of ​​detecting first and then identifying, this application uses unsupervised learning to detect and discover abnormal requests and abnormal characters; then, uses regular classification and matching methods to identify attack types for detected suspicious characters.

Description

technical field [0001] The present application relates to the field of Web attack detection, and in particular, relates to a method, system, medium and equipment for Web attack detection. Background technique [0002] With the popularization of Internet technology, many business systems have been connected to the Internet, especially in the form of Web business systems, which greatly facilitates people's life and work needs. For example: government portals, e-commerce sites, online banking, etc. [0003] Since many enterprises and organizations connect their business systems to the Internet in the form of Web, there are valuable and sensitive information in their systems. Many malicious attackers take advantage of the lack of security mechanisms in the HTTP protocol and the loopholes in the programming process of Web applications to attack Web applications, profit from them or achieve their ulterior purposes. Common web attacks include: SQL injection attacks, XSS attacks, ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08G06F16/906G06N3/08
CPCG06N3/084G06F16/906H04L63/1416H04L63/1433H04L63/1466H04L67/02
Inventor 胥小波范敏李含锐魏涌涛敖佳康英来
Owner CHINA ELECTRONICS TECH CYBER SECURITY CO LTD