Cross-site scripting attack detection method based on improved fasttext
A technology of cross-site scripting attack and detection method, applied in the field of cross-site scripting attack detection based on improved fastText, can solve the problems of loss function without regularization constraints, large word granularity, easy to generate false positives, etc. Fitting and alleviating the effect of concept distribution drift
Active Publication Date: 2022-03-18
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD
View PDF3 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0007] (1) The traditional cross-site scripting attack detection method based on deep learning mainly includes two stages and models: vectorization and classification, and the model is usually complex, so the speed is slow
[0008] (2) The traditional classification method is characterized by word-level (word granularity), and the accuracy depends on the richness of the training set. Because the word granularity is large, there is an OOV (Out Of Vocabulary) problem in the actual environment, which brings leakage. report
[0009] (3) During the use of fastText, the loss function does not have a regularization constraint item, and overfitting will occur, which is prone to false positives
[0010] Therefore, there is no particularly practical and effective method in the existing network information security field, which can quickly and effectively detect cross-site scripting attacks; therefore, it is necessary to propose a more reasonable technical solution to improve the problems existing in the existing technology
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment
[0060] This embodiment is aimed at the XSS attack detection application under the application-level intrusion prevention system of the website. First, through data preprocessing, remove the part that is not related to XSS; then perform word segmentation and send it to the fastText model for detection; finally, perform "or" operation integration . Using the fastText engine and the rule engine to detect the same piece of data will produce four distributions in the following table 1, and use the "or" operation to integrate to realize the supplement and assistance to the rule engine (rule engine is 0, fastText engine is 1 ), find threats that the rule engine does not perceive, and assist security analysts in further work
[0061] Specifically, the technical solution disclosed in this embodiment is as follows.
[0062] Such as figure 1 As shown, the cross-site scripting attack detection method based on the improved fastText includes:
[0063] S01: Data preprocessing, preprocessi...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to the field of network information technology, in particular to a cross-site scripting attack detection method based on improved fastText, including data preprocessing, restoring an object character string to an original character string, and extracting a target request field; Matching detection; use fastText modeling to infer and predict the target request field; perform "OR" operation on the inferred and predicted results to obtain the final detection result. Aiming at the scene where the real-time performance of the website application-level intrusion prevention system is high, the present invention proposes an XSS attack detection method based on text classification fastText technology and based on the fusion of word-level and character-level word vectors with different granularities, which solves the OOV problem and eases the concept of Distribution drift problem; and introduce a regularization factor to improve the fastText loss function, overcome the problem of easy overfitting, and provide a feasible solution for the knowledge-driven rule engine of the website application-level intrusion prevention system that cannot detect XSS attacks of unknown paradigms.
Description
technical field [0001] The invention relates to the technical field of network information, in particular to a cross-site scripting attack detection method based on improved fastText. Background technique [0002] Cross Site Scripting (Cross Site Scripting, also known as XSS) refers to exploiting website vulnerabilities to maliciously steal information from users. The detection of such attacks has been the focus of the industry in recent years. [0003] Existing cross-site scripting attack detection methods generally have two types of ideas: knowledge-driven and data-driven. [0004] (1) Driven by knowledge. This type of method is simple and fast, and it detects by querying expert experience rules and data knowledge bases, but it is difficult to defend against unknown attacks outside the rules and knowledge bases. [0005] (2) Driven by data. This type of method is generally based on machine learning or deep learning technology, requires a lot of feature engineering, and ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40G06K9/62
Inventor 范敏康英来胥小波范晓波
Owner CHINA ELECTRONICS TECH CYBER SECURITY CO LTD