Research On XSS Attack Detection Technology Based On Deep Learning

An XSS attack is an injection type of attack where a malicious script is loaded and executed due to the lack of escaping or filtering of user submitted data.These malicious scripts can steal the user's cookie information or request some operations that are not normally allowed as a trusted source,affecting the user's information security.At present,there are generally problems such as low training efficiency and weak generalization ability for XSS attack detection,and the defense of XSS attack is not perfect.In order to improve the accuracy and generalization ability of XSS attack detection,this thesis uses the current mainstream deep learning technology to study the XSS attack detection method based on deep learning.The main research work of this thesis is as follows:(1)Expound the background and significance of XSS attack defense,summarize the harm caused by XSS attack,analyze the reasons for the occurrence of XSS vulnerabilities,and summarize the type of XSS attacks.(2)For the traditional word embedding preprocessing method,in order to reduce the impact of different word separation methods on the experimental results,a new preprocessing method-character-level convolution is proposed,which performs text classification at the character level so as to preserve the original information of the attack samples to the greatest extent.(3)In order to improve the training efficiency of the model,we study how to utilize the representational features of the learned data of CVAE and the ability of the SE block to adjust the channel output.The encoder of CVAE is used as a feature extractor to learn the representational features of the attack samples,and the channel attention mechanism is used to learn the weight relationship of the feature maps to improve the accuracy and training efficiency of the model detection.Then comparative experiments are carried out.The first experiment compares the influence of different latent variable dimensions of the encoder output in CVAE on the classification effect;the second experiment is to set up control experiments to reflect the advantages of adding feature extractors.(4)In order to further improve the accuracy and generalization ability of the model,we study how to use the residual network to further deepen the neural network and use the gated recurrent unit to learn the data-dependent relationship,so as to comprehensively learn the spatiotemporal characteristics of the data and alleviates the gradient dispersion that may occur in the training process of the deep neural network.Then comparative experiments are carried out.The first experiment compares the influence of different preprocessing methods on the algorithm;the second experiment compares the training effect of several typical deep learning algorithms and the algorithm in this thesis on XSS attack detection.The innovation of this thesis is:(1)A XSS attack detection method based on CVAE and SENet is proposed,which uses CVAE to learn the representation features of data samples,maximizes the effective information obtained from the samples,and then introduces an attention mechanism in CNN to adaptively adjust the channels output.Experiments on xssed and Git Hub datasets show that when the latent variable Z dimension of CVAE reaches 10,the training accuracy is the highest,and CVAE?SENet can increase the speed of convergence during training,while increasing the accuracy to 94.31%.(2)A method of XSS attack detection based on Res Net and GRU is proposed,which builds a detection model based on deep neural network algorithm by learning the spatio-temporal characteristics of data,and exploit its ability to fit high-dimensional data features to improve the accuracy and generalization ability of attack detection.Experiments show that the accuracy of the method in this thesis is improved to about 99.05% compared with DNN,GRU,CNN and Dcnn?Gru,and the false alarm rate in this thesis is reduced to1.45%.