Cross-site script attack detection method based on improved fast Text

Abstract

The invention relates to the technical field of network information, in particular to an improved fast Text-based cross-site script attack detection method. The method comprises the following steps of: preprocessing data, restoring an object character string into an original character string, and extracting a target request field; performing matching detection on the target request field according to an XSS rule; carrying out deduction and prediction on the target request field by utilizing fastTest modeling; and performing OR operation on the inferred prediction result to obtain a final detection result. The invention provides an XSS attack detection method based on word-level and character-level word vector fusion of different granularities on the basis of a text classification fast Text technology in allusion to a scene with a high real-time requirement of a website application-level intrusion prevention system, solves the OOV problem, and alleviates the concept distribution drift problem; a regularization factor is introduced to improve a fast Text loss function, so the problem of easiness in overfitting is solved, and a feasible solution is provided for the situation that a knowledge-driven rule engine of a website application-level intrusion prevention system cannot discover an XSS attack of an unknown normal form.

Description

technical field [0001] The invention relates to the technical field of network information, in particular to a cross-site scripting attack detection method based on improved fastText. Background technique [0002] Cross Site Scripting (Cross Site Scripting, also known as XSS) refers to exploiting website vulnerabilities to maliciously steal information from users. The detection of such attacks has been the focus of the industry in recent years. [0003] Existing cross-site scripting attack detection methods generally have two types of ideas: knowledge-driven and data-driven. [0004] (1) Driven by knowledge. This type of method is simple and fast, and it detects by querying expert experience rules and data knowledge bases, but it is difficult to defend against unknown attacks outside the rules and knowledge bases. [0005] (2) Driven by data. This type of method is generally based on machine learning or deep learning technology, requires a lot of feature engineering, and ...

AI Technical Summary

Problems solved by technology

[0007] (1) The traditional cross-site scripting attack detection method based on deep learning mainly includes two stages and models: vectorization and classification, and the model is usually complex, so the speed is slow

[0008] (2) The traditional classification method is characterized by word-level (word granularity), and the accuracy depends on the richness of the training set. Because the word granularity is large, there is an OOV (Out Of Vocabulary) problem in the actual environment, which brings leakage. report

[0009] (3) During the use of fastText, the loss function does not have a regularization constraint item, and overfitting will occur, which is prone to false positives

[0010] Therefore, there is no particularly practical and effective method in the existing network information security field, which can quickly and effectively detect cross-site scripting attacks; therefore, it is necessary to propose a more reasonable technical solution to improve the problems existing in the existing technology

Images