| With the development and popularization of the internet,network security issues have become an important part of national security.As the frequency of attack and defense drills increases,traditional defense methods have gradually become inadequate.Furthermore,the development of artificial intelligence technology has brought new opportunities for the development of network security,especially in the direction of malicious traffic detection.There are more and more detection methods for common vulnerabilities such as SQL injection,command injection,and code injection,but there are few traffic detection methods for deserialization vulnerabilities that have the same level of harm and have appeared frequently in recent years,This paper aims to study intelligent detection technology for deserialization attack traffic,which is intended to quickly detect known and unknown deserialization attack traffic.This is of great significance for maintaining the security of network environment.Currently,most deserialization attack traffic detection methods are limited to rule-based detection and cannot effectively deal with unknown and obfuscated malicious deserialization traffic.Additionally,most deserialization attack detection methods are located on the host side and cannot provide timely warnings for vulnerabilities.Therefore,this paper studies deserialization attack traffic detection technology,taking PHP deserialization vulnerabilities as an example,and combines deep learning technology to identify malicious deserialization attack traffic.This can enhance the defense capabilities against deserialization vulnerabilities.This paper proposes a deserialization attack detection method from the traffic side,which mainly includes the following work:Firstly,the paper proposes a sample generation method for detecting deserialization attack traffic.This method mainly addresses the problem of small data volume and imbalanced samples when capturing traffic in deep learning scenarios.This method effectively improves the training effectiveness of the model.Secondly,the paper proposes a method for identifying obfuscated deserialization attack traffic.After extracting relevant information from the traffic,an embedded anti-obfuscation module is constructed to effectively reduce the false negative rate for some obfuscated deserialization traffic.This method can effectively identify obfuscated deserialization attack traffic.Thirdly,the paper proposes a deserialization attack detection model based on feature blending.The model uses deep learning to represent features and adds feature content extracted by expert knowledge to cover specialized deserialization attack chains.The experimental results show that the accuracy of this method can reach over 95%.Combining the work of this paper,a deserialization attack traffic detection system for PHP is implemented.The system can capture relevant attack traffic in real networks,proving that the system has the ability to detect deserialization vulnerabilities... |
PDF Full Text Request