Research And Implementation Of Web Attack Detection Algorithm Based On Bidirectional Web Traffic

The web is becoming an increasingly important part of the Internet nowadays.But in most Web-based applications,there exist some security vulnerabilities due to the flexibility of its development language.The traditional rule-based detection approaches can no longer meet the effective requirement of detection unknown attack methods.Furthermore,with the increase in computing power,Web attack detection by deep learning has become a popular research area.In the domain of Web attack detection,most researchers only focus on the request traffic sent by the client,while ignoring a rather obvious part of the features in the returned traffic.In this paper,both request and response traffic generated during Web access are taken into consideration.After a serious operation of collection,URL clustering,and request,response content filtering,bidirectional web traffic data is included in the scope of Web attack detection simultaneously.Second,in real business scenarios,security data is very rare,which leads to limited datasets in Web attack detection tasks.In most cases,only traffics with security risks are marked,which leads to the problem of extremely unbalanced types of data when applying these datasets to machine learning or deep learning methods.In this paper,with a limited amount of malicious traffic samples and a large number of unlabeled samples,we managed to train a deep learning model with a semi-supervised method.In this method,we firstly managed to select some secure web traffics from all unlabeled data,then iteratively applying trained generators on selected data making the generator finally has a convergent state.Finally,in order to check whether the algorithm is effectively enough for real Web application protection,the proposed algorithm is implemented on a streaming computing engine named Apache Flink in this paper.In order to verify the performance and protection effectiveness of the system,a simulation system is built,and the results show that the attack traffic detection system implemented by the algorithm in this paper achieves an accuracy of over 95%and keeps the false alarm rate within 5%.