| In the past 20 years,the Internet has been rapidly popularized in China,and various kinds of Web applications have sprung up on the Internet,providing various network services for the majority of Internet users.As the number of Web users is getting larger and larger,the Web services play a more and more important role in our life,and more and more attention is paid to the issues of Web application.Especially for the security problem of the Web server,the service provider's Web application needs to beware of malicious attacks from all aspects while ensuring high-quality services for users.For web applications,many malicious attacks are hidden in a large number of user requests.In order to provide high-quality services to users while defending against these malicious attacks,web applications need to detect normal users and malicious users through malicious detection systems to prevent web applications from processing malicious requests.At present,the detection methods of malicious web requests used by most web applications are mainly based on the detection method of reserved strings.Through the analysis of the principle and external features of various malicious requests,some strings unique to malicious requests are summarized as strings reserved by the system.The malicious request detection process is the detection of these reserved strings,and the Web containing reserved strings.The request will be classified as a malicious request.Although the detection method has a high precision,it needs to manually summarize and maintain the reserved string,and when the malicious request changes the attack mode or hides the keyword,the detection of such detection method can be bypassed.This paper designs and implements a malicious web request detection system based on CNN model.By referring to the feature extraction principle of CNN model recognition image,this paper designs a malicious web request detection model based on CNN for the URL structure of Web request,and automatically extracts the salient features of various malicious requests through CNN convolution kernel.A variety of malicious requests are detected in a large number of benign user requests.Compared with other similar models in the final test process,the model of this paper is superior to the index of the recall rate and the precision rate,and also greatly reduces the false positive rate of the model.For the complex web application environment,in order to improve the ability of the whole detection system to cope with the change of attack mode,this paper also designs and implements a model scheduling system to help the detection model collect online data in real time,monitor online data changes,and screen typical malicious samples.The sample retrains and updates the monitoring model so that the entire system can automatically adapt to changes in the attack mode to ensure longterm stability and efficient operation of the detection system.From the final test results,when the attack mode of the malicious web request changes,after the scheduling system completes the collection of the new attack sample,the updated training set is used to train the existing model,and then the detection model of the detection system is updated.The entire detection system is adapted to the change of the attack mode,so that the detection system can continuously help the web application to effectively resist various malicious web requests. |
PDF Full Text Request