Unsupervised Web Attack Detection Based on Seq2Seq
First published: 2020-03-16
Abstract: In recent years, rule-based and supervised methods have been widely used in web attack detection. Rule-based methods detect attacks by analyzing the HTTP traffic characteristics of known web attacks, but they rely on security experts to define and design the corresponding filtering rules, and they are easily bypassed. Supervised attack detection methods cannot avoid a complex feature engineering process. Such heuristic methods struggle with unknown attacks and cannot accurately locate the attack payload. To this end, this paper proposes an unsupervised, end-to-end web attack detection framework based on Seq2Seq. The designed character-level embedding module produces a lossless embedded representation of the web request sequence, an attention mechanism is introduced to solve the problems of long-sequence detection and payload locating, and a visualization method is provided to verify the detection results. Experimental results on the CSIC 2010 dataset show that the model's F1-score reaches 98.80% and the average detection time is about 4.7 ms, giving better accuracy and real-time performance.
Keywords: Web attack detection, Unsupervised learning, Seq2Seq, Payload locating