Computer Engineering and Applications ›› 2022, Vol. 58 ›› Issue (10): 101-107. DOI: 10.3778/j.issn.1002-8331.2012-0456

• Network, Communication and Security •

XSS Attack Detection Method Based on Residual Network and GRU

LIN Yongbo, LING Jie   

  1. School of Computer, Guangdong University of Technology, Guangzhou 510006, China
  • Online: 2022-05-15 Published: 2022-05-15

Abstract: Traditional methods for detecting XSS attacks and vulnerabilities perform poorly against diverse attack payloads, require substantial manual effort, and are highly subjective, while deep learning methods such as CNN and RNN learn only the spatial features or only the temporal features of data samples. This paper proposes an XSS attack detection method based on a residual network and GRU: it introduces a residual framework on top of a CNN and combines it with a GRU to learn the spatio-temporal features of the data, and uses dropout to improve the model's generalization ability. To handle increasingly complex and variable XSS payloads, the method follows character-level convolution and builds a dictionary to encode the data samples, which preserves the features of the original data and improves overall efficiency; the encoded samples are then transformed into a two-dimensional spatial matrix that meets the input requirements of the CNN. Experimental results on the GitHub dataset show that the method achieves an accuracy of 99.92% and a false alarm rate of 0.02%; compared with the DNN method, accuracy is 11.09 percentage points higher and the false alarm rate is 3.95 percentage points lower, and the other evaluation metrics are better than those of comparison methods such as GRU and CNN.

Key words: XSS attack detection, deep learning, convolutional neural network (CNN), ResNet, gated recurrent unit (GRU)
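
The preprocessing step the abstract describes (a character-level dictionary, then a two-dimensional matrix as CNN input) can be sketched as follows. This is an added example, not the authors' code: the alphabet, the reserved PAD/UNK indices, the 16 x 16 matrix size and the URL-decoding/lowercasing step are all assumptions, since the abstract does not specify them.

```python
import string
from urllib.parse import unquote

# Assumed alphabet (not given in the abstract): lowercase letters, digits,
# ASCII punctuation and the space character.
ALPHABET = string.ascii_lowercase + string.digits + string.punctuation + " "
PAD, UNK = 0, 1                       # reserved: padding / out-of-dictionary
CHAR_TO_ID = {ch: i + 2 for i, ch in enumerate(ALPHABET)}
VOCAB_SIZE = len(ALPHABET) + 2
SIDE = 16                             # assumed: 16 x 16 = 256 characters


def normalize(sample, max_rounds=3):
    """Undo (possibly nested) URL encoding and fold case (assumed step)."""
    for _ in range(max_rounds):
        decoded = unquote(sample)
        if decoded == sample:
            break
        sample = decoded
    return sample.lower()


def encode(sample, side=SIDE):
    """Map a request string to a side x side matrix of dictionary indices."""
    text = normalize(sample)
    # Truncate long samples, map unknown characters to UNK.
    ids = [CHAR_TO_ID.get(ch, UNK) for ch in text[: side * side]]
    # Right-pad short samples so every sample has the same shape.
    ids += [PAD] * (side * side - len(ids))
    return [ids[r * side:(r + 1) * side] for r in range(side)]


if __name__ == "__main__":
    # Constructed sample: a double URL-encoded script tag, as might appear
    # in a logged query string.
    sample = "%253Cscript%253Ealert(1)%253C/script%253E"
    for row in encode(sample)[:2]:
        print(row)
```

Each cell holds an integer in the range 0 to VOCAB_SIZE - 1, so the matrix can be fed to an embedding layer or scaled to a single-channel image before the convolutional layers.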