当前位置:
X-MOL 学术
›
PeerJ Comput. Sci.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Data augmentation-based conditional Wasserstein generative adversarial network-gradient penalty for XSS attack detection system
PeerJ Computer Science ( IF 3.5 ) Pub Date : 2020-12-14 , DOI: 10.7717/peerj-cs.328 Fawaz Mahiuob Mohammed Mokbal 1, 2 , Dan Wang 1 , Xiaoxi Wang 3 , Lihua Fu 1
PeerJ Computer Science ( IF 3.5 ) Pub Date : 2020-12-14 , DOI: 10.7717/peerj-cs.328 Fawaz Mahiuob Mohammed Mokbal 1, 2 , Dan Wang 1 , Xiaoxi Wang 3 , Lihua Fu 1
Affiliation
The rapid growth of the worldwide web and accompanied opportunities of web applications in various aspects of life have attracted the attention of organizations, governments, and individuals. Consequently, web applications have increasingly become the target of cyberattacks. Notably, cross-site scripting (XSS) attacks on web applications are increasing and have become the critical focus of information security experts’ reports. Machine learning (ML) technique has significantly advanced and shown impressive results in the area of cybersecurity. However, XSS training datasets are often limited and significantly unbalanced, which does not meet well-developed ML algorithms’ requirements and potentially limits the detection system efficiency. Furthermore, XSS attacks have multiple payload vectors that execute in different ways, resulting in many real threats passing through the detection system undetected. In this study, we propose a conditional Wasserstein generative adversarial network with a gradient penalty to enhance the XSS detection system in a low-resource data environment. The proposed method integrates a conditional generative adversarial network and Wasserstein generative adversarial network with a gradient penalty to obtain necessary data from directivity, which improves the strength of the security system over unbalance data. The proposed method generates synthetic samples of minority class that have identical distribution as real XSS attack scenarios. The augmented data were used to train a new boosting model and subsequently evaluated the model using a real test dataset. Experiments on two unbalanced XSS attack datasets demonstrate that the proposed model generates valid and reliable samples. Furthermore, the samples were indistinguishable from real XSS data and significantly enhanced the detection of XSS attacks compared with state-of-the-art methods.
中文翻译:
XSS攻击检测系统基于数据增强的条件Wasserstein生成对抗网络梯度惩罚
万维网的快速发展以及伴随着生活中各个方面的Web应用程序的发展吸引了组织,政府和个人的注意力。因此,Web应用程序已越来越成为网络攻击的目标。值得注意的是,对Web应用程序的跨站点脚本(XSS)攻击正在增加,并且已成为信息安全专家报告的重点。机器学习(ML)技术取得了显着进步,并在网络安全领域显示出令人瞩目的成果。但是,XSS训练数据集通常是有限的,而且非常不平衡,无法满足发达的ML算法的要求,并有可能限制检测系统的效率。此外,XSS攻击具有多个有效载荷矢量,它们以不同的方式执行,导致许多真实威胁无法通过检测系统。在这项研究中,我们提出了一种具有梯度惩罚的条件Wasserstein生成对抗网络,以增强在资源匮乏的数据环境中的XSS检测系统。所提出的方法将条件生成对抗网络和Wasserstein生成对抗网络集成在一起,并具有梯度罚分,以从方向性获得必要的数据,从而提高了安全系统相对于不平衡数据的强度。所提出的方法生成少数类的合成样本,这些样本具有与实际XSS攻击方案相同的分布。增强的数据用于训练新的增强模型,随后使用真实的测试数据集评估模型。在两个不平衡的XSS攻击数据集上进行的实验表明,该模型可生成有效且可靠的样本。此外,与最新的方法相比,样本与真实的XSS数据没有区别,并且显着增强了XSS攻击的检测能力。
更新日期:2020-12-14
中文翻译:
XSS攻击检测系统基于数据增强的条件Wasserstein生成对抗网络梯度惩罚
万维网的快速发展以及伴随着生活中各个方面的Web应用程序的发展吸引了组织,政府和个人的注意力。因此,Web应用程序已越来越成为网络攻击的目标。值得注意的是,对Web应用程序的跨站点脚本(XSS)攻击正在增加,并且已成为信息安全专家报告的重点。机器学习(ML)技术取得了显着进步,并在网络安全领域显示出令人瞩目的成果。但是,XSS训练数据集通常是有限的,而且非常不平衡,无法满足发达的ML算法的要求,并有可能限制检测系统的效率。此外,XSS攻击具有多个有效载荷矢量,它们以不同的方式执行,导致许多真实威胁无法通过检测系统。在这项研究中,我们提出了一种具有梯度惩罚的条件Wasserstein生成对抗网络,以增强在资源匮乏的数据环境中的XSS检测系统。所提出的方法将条件生成对抗网络和Wasserstein生成对抗网络集成在一起,并具有梯度罚分,以从方向性获得必要的数据,从而提高了安全系统相对于不平衡数据的强度。所提出的方法生成少数类的合成样本,这些样本具有与实际XSS攻击方案相同的分布。增强的数据用于训练新的增强模型,随后使用真实的测试数据集评估模型。在两个不平衡的XSS攻击数据集上进行的实验表明,该模型可生成有效且可靠的样本。此外,与最新的方法相比,样本与真实的XSS数据没有区别,并且显着增强了XSS攻击的检测能力。
京公网安备 11010802027423号