Web Application Attack Detection Model Based On Deep Learning

With the rapid development of network information technology,the network is playing an increasingly important role in industry,society and people's daily lives.Cybersecurity is essential for personal,organizational and even national security.However,with the continuous development of new technologies,various attacks that use network system vulnerabilities to achieve intrusion purposes are also constantly innovated.In order to improve the defense capabilities against these continuously improved attacks,a more comprehensive,effective,and accurate detection system has become the goal of researchers.The attack detection of the network application layer,as an essential part of network security,has attracted the attention of many scientific researchers in recent years.Thesis studies the models for attack detection,including the principles and hazards of various web application layer attacks,web application layer attack detection models based on empirical features,web application layer attack detection models based on semantic features,web application layer attack detection models based on fusion,and related algorithms and networks.The research in thesis involves various web application layer attacks that cause great harm,including cross-site scripting attacks,remote code execution attacks,remote command execution attacks,SQL injection attacks,and sensitive file attacks.Based on these attacks,thesis' s data set is constructed.When studing the detection model based on the empirical features,thesis collects many proposed features and proposes seven new features.When studying the extraction of semantic features,thesis has carried out a detailed study on a variety of natural language processing models,including text GCN network,text CNN network,LSTM network,and multiple models based on these classic networks.In addition,because many documents have proved that deep neural networks can achieve better decision performance than machine learning structures,in the decision module part,thesis mainly studies fully connected networks.Based on the study mentioned above,thesis proposes a novel model named GIDURL on the problem of network application layer attack detection.This model extracts URL's empirical features and semantic features.In order to perform semantic feature extraction more comprehensively,a pooling structure based on weighted fusion gated convolutional recurrent unit(GRU)is proposed.Moreover,in order to further improve the performance of the model,thesis proposes a fusion decision scheme based on trust and malicious bias,and uses a Generative Adversarial Network(GAN)to balance and expand the data set.Simulation proves the model in thesis can achieve98.4% accuracy and 99.2% recall rate.In addition,simulation proves that the system has stronger adaptive ability for zero-day attack detection.