引用本文
  • 万巍,石鑫,魏金侠,李畅,龙春.基于Stacking融合模型的Web攻击检测方法[J].信息安全学报,2024,9(1):84-94    [点击复制]
  • WAN Wei,SHI Xin,WEI Jinxia,LI Chang,LONG Chun.Web Attack Detection Method Based on Stacking Fusion Model[J].Journal of Cyber Security,2024,9(1):84-94   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 8322次   下载 5217 本文二维码信息
码上扫一扫!
基于Stacking融合模型的Web攻击检测方法
万巍1,2, 石鑫1,2, 魏金侠1,2, 李畅3, 龙春1,2
0
(1.中国科学院计算机网络信息中心 北京 中国 100190;2.中国科学院大学 北京 中国 101408;3.中国信息通信研究院 北京 中国 100191)
摘要:
随着计算机技术与互联网技术的飞速发展,Web应用在人们的生产与生活中扮演着越来越重要的角色。但是在人们的日常生活与工作中带来了更多便捷的同时,却也带来了严重的安全隐患。在开发Web应用的过程中,大量不规范的新技术应用引入了很多的网站漏洞。攻击者可以利用Web应用开发过程中的漏洞发起攻击,当Web应用受到攻击时会造成严重的数据泄露和财产损失等安全问题,因此Web安全问题一直受到学术界和工业界的关注。超文本传输协议(HTTP)是一种在Web应用中广泛使用的应用层协议。随着HTTP协议的大量使用,在HTTP请求数据中包含了大量的实际入侵,针对HTTP请求数据进行Web攻击检测的研究也开始逐渐被研究人员所重视。本文提出了一种基于Stacking融合模型的Web攻击检测方法,针对每一条文本格式的HTTP请求数据,首先进行格式化处理得到既定的格式,结合使用Word2Vec方法和TextCNN模型将其转换成向量化表示形式;然后利用Stacking模型融合方法,将不同的子模型(使用配置不同尺寸过滤器的Text-CNN模型搭配不同的检测算法)进行融合搭建出Web攻击检测模型,与融合之前单独的子模型相比在准确率、召回率、F1值上都有所提升。本文所提出的Web攻击检测模型在公开数据集和真实环境数据上都取得了更加稳定的检测性能。
关键词:  入侵检测  stacking  融合模型  web攻击
DOI:10.19363/J.cnki.cn10-1380/tn.2024.01.06
投稿时间:2022-04-29修订日期:2022-06-28
基金项目:本课题得到中国科学院战略性先导科技专项(C 类)项目(No. XDC02030600), 中国科学院青年创新促进会(No. 2022170)资助。
Web Attack Detection Method Based on Stacking Fusion Model
WAN Wei1,2, SHI Xin1,2, WEI Jinxia1,2, LI Chang3, LONG Chun1,2
(1.Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China;2.University of Chinese Academy of Sciences, Beijing 101408, China;3.China Academy of Information and Communications Technology, Beijing 100191, China)
Abstract:
With the rapid development of computer technology and Internet technology, Web applications play an increasingly important role in people's production and life. However, while it has brought more convenience to people's daily life and work, it has also brought serious safety risks. In the process of developing Web applications, a large number of irregular new technology applications have introduced many vulnerabilities. Attackers can exploit the vulnerabilities in the development of Web applications to launch Web attacks. When a Web application is attacked, it will cause serious security problems, such as data leakage and property damage. Therefore, Web security issues have always attracted the attention of academia and industry. Hypertext Transfer Protocol (HTTP) is an application-layer protocol that is widely used in Web applications. With the extensive use of the HTTP protocol, a large number of actual intrusions are included in the HTTP request data, and the research on Web attack detection based on the HTTP request data has also begun to be paid more and more attention by researchers. In this paper, we propose a Web attack detection method based on the Stacking fusion model. For each HTTP request data in text format, it is firstly formatted to obtain a predetermined format, and then the Word2Vec method and the TextCNN model are combined to convert it into a vectorized representation; we use the Stacking-based model fusion method to fuse different sub-models (using TextCNN models with filters of different sizes and different detection algorithms) to build a Web attack detection model. Compared with the individual sub-models before fusion, the precision, recall, and F1-score are improved. The proposed web attack detection model achieves more stable detection performance on both public dataset and real-world data.
Key words:  intrusion detection  stacking  fusion model  web attack