Research On Web Firewall Attack Detection Technology

Traditional network security protection tools such as intrusion detection systems,Network firewalls can only work at a lower level of OSI,and cannot do anything about attacks at the application layer.Web application firewall is an attack detection system between users and Web applications,which can effectively ensure internal information security.However,traditional Web application firewalls have obvious flaws in the use of feature matching rule libraries,and they cannot do anything about new types of attacks.In recent years,machine learning technology has been applied to the field of Web attack detection,and the efficiency has been greatly improved,but the efficiency of shallow machine learning detection needs to be further improved.In response to the above paper,a SQL injection attack detection method based on Convolutional Neural Network(CNN)and a Web attack detection method based on support vector machines(SVM)are proposed.First of all,in view of the low efficiency of shallow machine learning and some existing deep learning-based models,a CNN-based SQL injection attack detection method is proposed.This method uses preprocessing,word segmentation,vectorization combined with CNN way to improve detection efficiency.First,word2 vec and Glove models are used to convert the data mined in this article into word vectors.Through this method to complete vectorization,while maintaining a high efficiency,it can also avoid wasting too much manpower and computing resources.Then use the convolutional neural network model to learn the characteristics of these word vectors,and then distinguish the attacked and normal data.Finally,experiments verify that the convolutional neural network has achieved very good results in SQL injection attacks.Secondly,aiming at the problem of single recognition type of traditional Web attack detection methods,low detection efficiency based on feature matching methods and foreign machine learning algorithms,this paper proposes a Web attack detection method based on SVM,which uses custom selected features combined with information gain.First,through the preprocessing of the data set,10 features such as URL length,request type,length of parameter part,number of parameters are selected,and the extracted features are filtered with information gain,and then combine the support vector machine algorithm,and select the kernel function through the experimental results,and finally generate the SVM model,and use the model to identify Web attacks.Finally,it is verified through experiments that the support vector machine solves the existing problems in the current method in Web attack detection.