Detecting web attacks with end-to-end deep learning
Journal of Internet Services and Applications Pub Date : 2019-08-27 , DOI: 10.1186/s13174-019-0115-x
Yao Pan , Fangzhou Sun , Zhongwei Teng , Jules White , Douglas C. Schmidt , Jacob Staples , Lee Krause

Web applications are popular targets for cyber-attacks because they are network-accessible and often contain vulnerabilities. An intrusion detection system monitors web applications and issues alerts when an attack attempt is detected. Existing implementations of intrusion detection systems usually extract features from network packets or string characteristics of input that are manually selected as relevant to attack analysis. Manually selecting features, however, is time-consuming and requires in-depth security domain knowledge. Moreover, large amounts of labeled legitimate and attack request data are needed by supervised learning algorithms to classify normal and abnormal behaviors, which is often expensive and impractical to obtain for production web applications. This paper provides three contributions to the study of autonomic intrusion detection systems. First, we evaluate the feasibility of an unsupervised/semi-supervised approach for web attack detection based on the Robust Software Modeling Tool (RSMT), which autonomically monitors and characterizes the runtime behavior of web applications. Second, we describe how RSMT trains a stacked denoising autoencoder to encode and reconstruct the call graph for end-to-end deep learning, where a low-dimensional representation of the raw features with unlabeled request data is used to recognize anomalies by computing the reconstruction error of the request data. Third, we analyze the results of empirically testing RSMT on both synthetic datasets and production applications with intentional vulnerabilities. Our results show that the proposed approach can efficiently and accurately detect attacks, including SQL injection, cross-site scripting, and deserialization, with minimal domain knowledge and little labeled training data.

Updated: 2019-08-27