Design And Implementation Of Web Attack Detection System Based On Deep Learning

With the rapid development of the Internet in the social process,people's lives are becoming more and more inseparable from the Internet.In the process of using the Internet,the identity and behavior information of users will also be stored on the Internet.Once these users' privacy information is leaked,it will harm everyone's interests.Therefore,people are paying more and more attention to network security issues.According to the survey results,almost every major website in China has suffered from SQL injection and XSS cross-site scripting attacks.For websites,vulnerabilities caused by malicious SQL injection and XSS cross-site scripting attacks are the most common and have the most impact.Since these two intrusion methods have similar attack forms,that is,they can cause vulnerabilities intrusion by means of malicious text embedding,so this study will classify and detect SQL injection and XSS attacks together.After studying the forms and characteristics of these two attacks,this article combines text feature engineering,deep learning,and tree model training algorithms to detect SQL injection and XSS cross-site scripting attacks.The key contents are as follows:First of all,the text data is fully analyzed and processed,and two methods are selected for comparison in the feature engineering part.The first method is feature engineering based on N-Gram and Information Gain.The feature sequence of the sentence is extracted from the preprocessed log sentence through the N-Gram model,and then the Information Gain is used for feature selection to obtain the feature vector.The second method is to process the text feature engineering based on the word embedding method of Word2 vec,by using the gensim module of the word2 vec method to model the processed log sentence to obtain the word vector model,and then input the text data to obtain the corresponding feature vector.Secondly,this article selects the training algorithm for Web attack detection based on the comparison of the deep learning Text-CNN,MLP and XGBoost in the tree model.The purpose is to train a more efficient and accurate model for identifying SQL injection and XSS attacks.In this paper,the method based on the combination of the two feature engineering methods mentioned in step one and the three training models mentioned in step two is realized,and a total of 6 combinations are realized,and the optimal detection combination model is retained after tuning.On this basis,this article develops based on Python,uses Django to build a framework,implements a Web attack detection system,and deploys the optimal model in the experiment to it.The system mainly includes a login and registration module,a preprocessing viewing module,a sentence detection module and a feature display module.The purpose is to apply the trained classification model to the actual Web attack detection system.The study of the model and the application of the model in the final realization of the system are of great significance to the detection and research of Web attack sentences.