CN109960934A - A kind of malicious requests detection method based on CNN - Google Patents
A kind of malicious requests detection method based on CNN Download PDFInfo
- Publication number
- CN109960934A CN109960934A CN201910228412.3A CN201910228412A CN109960934A CN 109960934 A CN109960934 A CN 109960934A CN 201910228412 A CN201910228412 A CN 201910228412A CN 109960934 A CN109960934 A CN 109960934A
- Authority
- CN
- China
- Prior art keywords
- sample
- cnn
- malicious requests
- model
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 31
- 239000013598 vector Substances 0.000 claims abstract description 40
- 238000012423 maintenance Methods 0.000 claims abstract description 11
- 238000013527 convolutional neural network Methods 0.000 claims description 51
- 238000012549 training Methods 0.000 claims description 33
- 238000000034 method Methods 0.000 claims description 30
- 238000013528 artificial neural network Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 description 13
- 238000004422 calculation algorithm Methods 0.000 description 7
- 239000011159 matrix material Substances 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000003780 insertion Methods 0.000 description 4
- 230000037431 insertion Effects 0.000 description 4
- 230000007774 longterm Effects 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 230000003044 adaptive effect Effects 0.000 description 3
- 230000001965 increasing effect Effects 0.000 description 3
- 238000002347 injection Methods 0.000 description 3
- 239000007924 injection Substances 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000007796 conventional method Methods 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 230000032258 transport Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 208000011580 syndromic disease Diseases 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Biomedical Technology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Virology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Computer And Data Communications (AREA)
Abstract
The malicious requests detection method based on CNN that the invention discloses a kind of is related to field of information security technology, described based on detection method includes the following steps: 1) to collect sample;2) data prediction;3) CNN model is constructed;4) deployment model;5) it is run on line;6) later maintenance.In order to solve the problems, such as that existing malicious requests detection method causes malicious requests by under-enumeration due to easily there is information loss, each character of inquiry string is indicated by the present invention by using character embedded technology using high dimension vector, and then it is being distinguished in enabling model more accurately and indicating each character under current text environment, information loss can be effectively reduced, solve the problems, such as that existing malicious requests detection method causes malicious requests to be had broad application prospects by under-enumeration due to easily there is information loss.
Description
Technical field
The present invention relates to field of information security technology, specifically a kind of malicious requests detection method based on CNN.
Background technique
Constantly universal and Web service type with network is continuously increased, and the safety of Web service website also becomes outstanding
It is important.In order to improve the safety of Web service website, it usually needs detected to various types of malicious requests.
Currently, detecting this problem for malicious requests, the solution of actual use is most or rule-based black
List testing mechanism is filtered the forbidden character string of ad hoc rules by the target characters matching technique such as canonical and disliked to reach detection
The purpose of meaning request.Although this method can resist the malice Web request of the overwhelming majority, still expose in use
Many problems: first, the rule of matching malicious requests key feature needs artificial summary, and this summary is needed based on experience
The talent for being well understood by various types malicious requests can sum up applicable key feature;Second, when rule is more, rule
The maintenance cost in library be can not ignore;Third, the target character matching technique of present mainstream is canonical matching, and canonical engine
Performance is seriously affected, when especially regular more complicated, at this moment will result in unnecessary time delay, this is for Web service
It is for quotient and unacceptable.
For the deficiency of the malicious requests detection method of this rule-based blacklist testing mechanism, it is thus proposed that a kind of
(wherein SQL injection attack is the one of malice Web request to method based on the detection SQL injection attack of SVM machine learning model
Kind), this method converts a digitized feature for the Web request information of user according to the pre-set identification characteristics of model
Vector, SVM model calculate the probability that current Web request is SQL injection attack using this feature vector as input.
But there is also following deficiencies in actual use for above-mentioned technical solution: this method obtain digitized feature to
Amount need to be but limited due to identification characteristics by pre-set identification characteristics, this process certainly exists the loss of information, into
And causes some unknown or carry out encoded malicious requests by under-enumeration.Therefore, a kind of malicious requests based on CNN are designed
Detection method, the problem of becoming current urgent need to resolve.
Summary of the invention
The malicious requests detection method based on CNN that the purpose of the present invention is to provide a kind of, to solve above-mentioned background technique
The existing malicious requests detection method of middle proposition leads to the problem of malicious requests are by under-enumeration due to easily there is information loss.
To achieve the above object, the invention provides the following technical scheme:
A kind of malicious requests detection method based on CNN, which is characterized in that it the following steps are included:
1) it collects sample: collecting the typical sample for needing the different type malicious requests detected and obtain sample data, remember
Record type belonging to obtained sample data and the data;
2) data prediction: sample data is pre-processed;
Wherein, the pretreatment is to arrange the sample data of different type malicious requests and remove redundant data and missing number
According to, while the format of the every data of specification;
3) it constructs CNN model: pretreated sample data is extracted into inquiry string, will be looked by character insertion
The each character for asking character string is indicated using high dimension vector, then constructs CNN model by convolution, Chi Hualai;
Tensor is converted for digital vectors by using one-hot coding, and does longitudinal convolution with it with multiple filters and transports
It calculates to obtain multiple feature vectors in different size, these feature vectors is then changed into a vector using pond, most
A malicious requests are calculated by Softmax function afterwards and belong to all kinds of probability;
4) deployment model: deployment CNN model establishes corresponding problem sample database and training sample to Web server
Database;
Described problem sample database and training sample database are respectively used to store the lower sample of newfound confidence level
Sheet and training sample;By copying the CNN model file of building on the server that need to be used to, and write the journey of calling model
Sequence, so that new user requests to call in time after reaching server;(result confidence level is exported to model for problem sample
Lower sample), also need to write program and be deposited into database, after manually sorting out, training sample database is added, so as to it is subsequent more
New model;
5) it is run on line: receiving user's request and carry out data prediction according to the method for step 2), according to server
CNN model calculates pretreated data and outputs results to Web server;
6) it later maintenance: periodically checks problem sample database and checks whether containing exceptional sample;Wherein, the exception
Sample can be unknown malicious requests type etc., if checking exceptional sample, instruction is stored in after exceptional sample is sorted out
Practice sample database, CNN model in more new line after training under warp, to guarantee the real-time of CNN model on line.
As a further solution of the present invention: in step 1), the typical sample is the allusion quotation for having the type malicious requests
The sample of type feature;The collection can take various ways, for example, using web crawlers, open security date set etc..
As further scheme of the invention: in step 2), the redundant data includes duplicate data, host information
With routing information data.
As further scheme of the invention: in step 3), the character is embedded as will based on neural network embeding layer
Each character is indicated with a high dimension vector, i.e., character is embedded into higher dimensional space;Due to malicious requests character string mainly by
Letter, number and spcial character composition, so only need to be encoded all characters to indicate institute with digital vectors with number
Some malice samples.
As further scheme of the invention: in step 5), after CNN model outputs results to web server, if mould
Type is lower than preset threshold value to the confidence level of current request, then records the output result of current request and model and store to corresponding
The problem of sample database.
Compared with prior art, the beneficial effects of the present invention are:
1, maintenance cost of the invention is lower, uses each character of inquiry string by using character embedded technology
High dimension vector is indicated, while by the training of training sample, and then is enable model more accurately and indicated that each character is being worked as
Inherent difference under preceding text environments, can effectively reduce information loss, solve existing malicious requests detection method due to easy
There is information to lose and lead to the problem of malicious requests are by under-enumeration, while detection efficiency with higher.
2, the present invention using the filter in CNN model and requests character string when extracting each type requests feature
Digital representation carries out convolution algorithm, and the typical case of each type flaw attack can be automatically extracted by the quantity and size for increasing filter
Feature has stronger adaptive ability without removing one feature database of maintenance as conventional method.
Detailed description of the invention
Fig. 1 is the route map of the malicious requests detection method based on CNN.
Fig. 2 is the building flow chart of CNN model in the malicious requests detection method based on CNN.
Specific embodiment
Present invention will be explained in further detail in the following with reference to the drawings and specific embodiments.Following embodiment will be helpful to
Those skilled in the art further understands the present invention, but the invention is not limited in any way.It should be pointed out that ability
For the those of ordinary skill in domain, without departing from the inventive concept of the premise, various modifications and improvements can be made.These
Belong to protection scope of the present invention.
It should be appreciated that ought use in this specification and in the appended claims, term " includes " instruction is described special
Sign, entirety, step, operation, the presence of element and/or component, but be not precluded one or more of the other feature, entirety, step,
Operation, the presence or addition of element, component and/or its set.
Technical solution of the present invention is described in more detail With reference to embodiment.
Embodiment 1
A kind of malicious requests detection method based on CNN, please refers to Fig. 1-2, specifically includes the following steps:
1) it collects sample: collecting the typical sample for needing the different type malicious requests detected and obtain sample data;Institute
Stating typical sample is the sample for having the characteristic feature of the type malicious requests, is had certain representative;
Specifically, different types of malicious requests sample is collected thousands of and obtains sample data, collect means
Various ways can be taken, for example, using web crawlers, open security date set etc., the sample data recorded and the number
According to affiliated type;
2) data prediction: sample data is pre-processed;The pretreatment is arrangement different type malicious requests
Sample data simultaneously removes redundant data and missing data, while the format of the every data of specification;
The pretreatment includes the domain-name information etc. in removal data;Wherein, the sample of different type malicious requests is arranged
When data, malicious requests and its affiliated type are a data;
Specifically, the source due to each sample data may be different, the quality of data also can be different, so using sample
Removal redundant data and some data (missing data) for not marking affiliated type are needed before data;
The redundant data includes duplicate data, host information and routing information data;Web request includes many portions
Point, wherein having host machine part, path sections and inquiry string, inquiry string is used in this embodiment to construct
CNN model, so host information and routing information need to remove;
3) it constructs CNN model: pretreated sample data is extracted into inquiry string, will be looked by character insertion
The each character for asking character string is indicated using high dimension vector, then constructs CNN model by convolution, Chi Hualai;Wherein, the word
Symbol insertion is to be indicated each character with a high dimension vector based on neural network embeding layer, i.e., character is embedded into higher-dimension sky
Between;
It should be understood that carrying out the feature of recording different types malicious requests in a mathematical format by using CNN model;It is logical
It crosses Softmax function and calculates the probability that a malicious requests belong to different type malicious requests;The building CNN model is to use
The typical sample training initial model of different type malicious requests, and training process is to be passed through by a large amount of known type samples
The process of back-propagation algorithm computation model parameter, it is specific as shown in Figure 2;
The process of building CNN model is described below with reference to Fig. 2:
Firstly, since the character string of malicious requests is mainly made of letter, number and spcial character, so only needing to own
Character encoded with number, i.e., available digital vectors indicate all malice samples;
For example, malicious requests specific for one, the digital vectors after being encoded are denoted as s, it is assumed that this is maliciously asked
N character is sought, then s is a n-dimensional vector;S is converted for s by using one-hot coding, S is the tensor of a n row, m column,
M is the quantity of all characters herein;Generate initial embeded matrix E (each of the initial embeded matrix E at random by system
Character corresponds to a k dimensional vector, the k dimensional vector of all characters and the matrix for constituting m row k column), that E is m row, k is arranged
Amount, wherein k is the size of embedded space, belongs to system parameter, can use 128 here, then can calculate tensor X=S*E, X's is big
Small is n row, k column;
Secondly, the multiple filters of obtained tensor X and X are done longitudinal convolution algorithm, the filter is substantially
It is a l row, the tensor of k column, initial filter is generated at random by system;
Specifically, l can choose according to actual state, the different of l indicate that (filter essence is exactly for filters of different sizes
Matrix, size are l row, k column, and k value has determined that when determining embeded matrix E, l herein can value according to the actual situation,
Such as: 2,3 or 5 etc. are taken, different values indicates that the size of filter is different, special to extract different size of part
Sign), multiple filters are needed in use, now for convenience of stating, taking F is one of filter, and size is l × k, that
The convolution algorithm of F and X will obtain a feature vector y, and circular is as follows:
Wherein, yiFor i-th of value of feature vector y, so i is in [0, n-l] interior value;R, c is index class variable;Relu
Function is popular activation primitive, mathematic(al) representation are as follows: Relu (x)=max (0, x);
Then, due to using multiple filters, so being obtained multiple in different size after above convolution algorithm
The number for obtaining these feature vectors is denoted as p by feature vector, and simple pond can be used, and (pond mode is more, takes here most
Big value pond, that is, take the maximum value of each feature vector to represent the vector, realizes the transformation of vector to number, this process has number
According to loss, but the robustness for enhancing model is necessary) these feature vectors are changed into the specific calculating of vector a z, z
Method are as follows:Wherein, ziFor i-th of value of vector z, yiFor i-th in multiple feature vectors, t
To index class variable;
Finally, can calculate current malicious requests by vector z belongs to all kinds of probability, the quantity of type is denoted as c, uses rjTable
Show that current request belongs to the probability of jth class, wherein j≤c, then rjCalculation method it is as follows:
Wherein, wI, jFor the weight in this layer of neural network, initial value is by system random initializtion, and Softmax function meter
Calculation method are as follows:By the above process, a malicious requests belong to all kinds of probability and can calculate, and
Training process is to pass through the process of back-propagation algorithm computation model parameter by a large amount of known type samples, is needed in this model
The parameter of calculating has embeded matrix E, the weight parameter w of each filter F and neural networkI, j;
4) deployment model: deployment CNN model establishes corresponding problem sample database and training sample to Web server
Database;Wherein, described problem sample database and training sample database be respectively used to store newfound confidence level compared with
Low sample and training sample;
Specifically, the CNN model file of building is copied on the server that need to be used, and write the journey of calling model
Sequence, so that new user requests to call in time after reaching server.(result confidence level is exported to model for problem sample
Lower sample), also need to write program and be deposited into database, after manually sorting out, training sample database is added, so as to it is subsequent more
New model;
5) it is run on line: receiving user's request and carry out data prediction according to the method for step 2), according to server
CNN model calculates pretreated data and outputs results to Web server;
After CNN model returns results to web server, if model is lower than preset threshold to the confidence level of current request
Value, then record current request and model outputs results to corresponding problem sample database;
6) it later maintenance: periodically checks problem sample database and checks whether containing exceptional sample;
For example, the exceptional sample can be unknown malicious requests type etc..It, will be abnormal if checking exceptional sample
Sample is stored in training sample database after being sorted out, CNN model in more new line after training under warp, to guarantee CNN mould on line
The real-time of type;Due in long-term operational process, in fact it could happen that malicious requests of new type or by way of coding
Fallacious message is hidden, these situations are all that initial training sample never occurs, cause model that can not make accurate judgement,
Cause the confidence level of output insufficient, so needing from these emerging samples to guarantee model operation steady in a long-term
Representative sample is selected, and these samples are added in training sample and carry out more new model, to guarantee the fresh of model
Degree.
In the present embodiment, a kind of computer readable storage medium is stored thereon with computer program instructions, the program instruction
The step of above method is realized when being executed by processor.
Embodiment 2
A kind of malicious requests detection method based on CNN, please refers to Fig. 1-2, collects all kinds of malice that need to be detected first and asks
Then the typical sample asked establishes detection model and with the parameter of training sample training pattern as training sample;Then it carries out
It is disposed on line, preservation model confidence level lower problem sample while request on line is handled, to hand picking these problems sample
After this, it is added into training sample, so as to more new model, makes the change of model adaptation attack method, can be used for solving existing
The problem that detection method maintenance cost is higher, matching process efficiency is lower and adaptive ability is not strong.
Specifically, detection method includes the following steps for the malicious requests based on CNN:
1) it collects sample: collecting the typical sample for needing the different type malicious requests detected and obtain sample data, remember
Record type belonging to obtained sample data and the data;The typical sample is the characteristic feature for having the type malicious requests
Sample;The collection can take various ways, for example, using web crawlers, open security date set etc.;
2) data prediction: sample data is pre-processed;Wherein, the pretreatment is asked to arrange different type malice
The sample data asked simultaneously removes redundant data and missing data, while the format of the every data of specification;
3) it constructs CNN model: pretreated sample data is extracted into inquiry string, will be looked by character insertion
The each character for asking character string is indicated using high dimension vector, then constructs CNN model by convolution, Chi Hualai;
The character is embedded as indicating each character with a high dimension vector based on neural network embeding layer, i.e., by character
It is embedded into higher dimensional space;Since the character string of malicious requests is mainly by letter, number and spcial character composition, so only need to be by institute
Some characters are encoded to indicate all malice samples with digital vectors with number;
Tensor is converted for digital vectors by using one-hot coding, and does longitudinal convolution with it with multiple filters and transports
It calculates to obtain multiple feature vectors in different size, these feature vectors is then changed into a vector using pond, most
A malicious requests are calculated by Softmax function afterwards and belong to all kinds of probability;
4) deployment model: deployment CNN model establishes corresponding problem sample database and training sample to Web server
Database;
Described problem sample database and training sample database are respectively used to store the lower sample of newfound confidence level
Sheet and training sample;By copying the CNN model file of building on the server that need to be used to, and write the journey of calling model
Sequence, so that new user requests to call in time after reaching server;(result confidence level is exported to model for problem sample
Lower sample), also need to write program and be deposited into database, after manually sorting out, training sample database is added, so as to it is subsequent more
New model;
5) it is run on line: receiving user's request and carry out data prediction according to the method for step 2), according to server
CNN model calculates pretreated data and outputs results to Web server;
After CNN model returns results to web server, if model is lower than preset threshold to the confidence level of current request
Value, then record current request and model outputs results to corresponding problem sample database;
6) it later maintenance: periodically checks problem sample database and checks whether containing exceptional sample;If checking exception
Sample is stored in training sample database after then being sorted out exceptional sample, CNN model in more new line after training under warp, with
Guarantee the real-time of CNN model on line;Due in long-term operational process, in fact it could happen that the malicious requests of new type are logical
The mode for crossing coding hides fallacious message, these situations are all that initial training sample never occurs, and cause model that can not do
Accurately judgement out causes the confidence level of output insufficient, so needing new from these to guarantee model operation steady in a long-term
Representative sample is selected in the sample of appearance, and these samples are added in training sample and carry out more new model, to protect
The freshness of model of a syndrome.
Present invention has the advantages that maintenance cost of the invention is lower, by using character embedded technology by polling character
Each character of string is indicated using high dimension vector, while by the training of training sample, and then keeps model more accurate
It is being distinguished in indicating each character under current text environment, information loss can be effectively reduced, existing malice is solved and ask
Detection method is asked to lead to the problem of malicious requests are by under-enumeration due to easily there is information loss, while detection with higher is imitated
Rate;
The present invention is when extracting each type requests feature, using the number of filter and request character string in CNN model
Word indicates progress convolution algorithm, and the typical case that can automatically extract each type flaw attack by the quantity and size for increasing filter is special
Sign has stronger adaptive ability without removing one feature database of maintenance as conventional method;
It present invention can be suitably applied to detection and defence of the Web service provider to the malicious requests in mass users request, root
According to different testing results, Web server takes different counter-measures to provide safer service.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can for
Machine memory, flash memory, read-only memory, programmable read only memory, electrically erasable programmable memory, register etc..
Better embodiment of the invention is explained in detail above, but the present invention is not limited to above-mentioned embodiment party
Formula within the knowledge of one of ordinary skill in the art can also be without departing from the purpose of the present invention
Various changes can be made.There is no necessity and possibility to exhaust all the enbodiments.And it thus amplifies out apparent
Variation or variation be still in the protection scope of this invention.
Claims (5)
1. a kind of malicious requests detection method based on CNN, which is characterized in that it the following steps are included:
1) it collects sample: collecting the typical sample for needing the different type malicious requests detected and obtain sample data;
2) data prediction: sample data is pre-processed;Wherein, the pretreatment is removal redundant data and missing number
According to, while the format of the every data of specification;
3) it constructs CNN model: pretreated sample data is extracted into inquiry string, be embedded in by character by inquiry word
Each character of symbol string is indicated using high dimension vector, then constructs CNN model by convolution, Chi Hualai;
4) deployment model: deployment CNN model establishes corresponding problem sample database and number of training to Web server
According to library;
5) it is run on line: receiving user's request and carry out data prediction according to the method for step 2), according to the CNN mould of server
Type calculates pretreated data and outputs results to Web server;
6) it later maintenance: periodically checks problem sample database and checks whether containing exceptional sample.
2. the malicious requests detection method according to claim 1 based on CNN, which is characterized in that in step 1), the allusion quotation
Pattern is originally the sample for having the characteristic feature of the type malicious requests.
3. the malicious requests detection method according to claim 2 based on CNN, which is characterized in that described superfluous in step 2)
Remainder is according to including duplicate data, host information and routing information data.
4. the malicious requests detection method according to claim 2 based on CNN, which is characterized in that in step 3), the word
Symbol is embedded as indicating each character with a high dimension vector based on neural network embeding layer.
5. the malicious requests detection method according to claim 1 to 4 based on CNN, which is characterized in that when CNN model
After outputting results to web server, if model is lower than preset threshold value to the confidence level of current request, record current request and
The output result of model is simultaneously stored to corresponding problem sample database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910228412.3A CN109960934A (en) | 2019-03-25 | 2019-03-25 | A kind of malicious requests detection method based on CNN |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910228412.3A CN109960934A (en) | 2019-03-25 | 2019-03-25 | A kind of malicious requests detection method based on CNN |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109960934A true CN109960934A (en) | 2019-07-02 |
Family
ID=67024985
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910228412.3A Pending CN109960934A (en) | 2019-03-25 | 2019-03-25 | A kind of malicious requests detection method based on CNN |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109960934A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111368291A (en) * | 2020-02-28 | 2020-07-03 | 山东爱城市网信息技术有限公司 | Method and system for realizing honeypot-like defense |
| CN113821791A (en) * | 2020-06-18 | 2021-12-21 | 中国电信股份有限公司 | Method, system, storage medium and apparatus for detecting SQL injection |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108347430A (en) * | 2018-01-05 | 2018-07-31 | 国网山东省电力公司济宁供电公司 | Network invasion monitoring based on deep learning and vulnerability scanning method and device |
| US20180365528A1 (en) * | 2017-06-14 | 2018-12-20 | International Business Machines Corporation | Hieroglyphic feature-based data processing |
| CN109450845A (en) * | 2018-09-18 | 2019-03-08 | 浙江大学 | A kind of algorithm generation malice domain name detection method based on deep neural network |
-
2019
- 2019-03-25 CN CN201910228412.3A patent/CN109960934A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180365528A1 (en) * | 2017-06-14 | 2018-12-20 | International Business Machines Corporation | Hieroglyphic feature-based data processing |
| CN108347430A (en) * | 2018-01-05 | 2018-07-31 | 国网山东省电力公司济宁供电公司 | Network invasion monitoring based on deep learning and vulnerability scanning method and device |
| CN109450845A (en) * | 2018-09-18 | 2019-03-08 | 浙江大学 | A kind of algorithm generation malice domain name detection method based on deep neural network |
Non-Patent Citations (1)
| Title |
|---|
| WEI RONG: "Malicious Web Request Detection Using Character-level CNN", 《ARXIV》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111368291A (en) * | 2020-02-28 | 2020-07-03 | 山东爱城市网信息技术有限公司 | Method and system for realizing honeypot-like defense |
| CN113821791A (en) * | 2020-06-18 | 2021-12-21 | 中国电信股份有限公司 | Method, system, storage medium and apparatus for detecting SQL injection |
| CN113821791B (en) * | 2020-06-18 | 2024-07-12 | 中国电信股份有限公司 | Method, system, storage medium and device for detecting SQL injection |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109302410B (en) | Method and system for detecting abnormal behavior of internal user and computer storage medium | |
| CN102591854B (en) | For advertisement filtering system and the filter method thereof of text feature | |
| CN109391706A (en) | Domain name detection method, device, equipment and storage medium based on deep learning | |
| US20120323866A1 (en) | Efficient development of a rule-based system using crowd-sourcing | |
| CN112541476B (en) | Malicious webpage identification method based on semantic feature extraction | |
| Liu et al. | Exploiting web images for fine-grained visual recognition by eliminating open-set noise and utilizing hard examples | |
| CN113032525A (en) | False news detection method and device, electronic equipment and storage medium | |
| WO2022089227A1 (en) | Address parameter processing method, and related device | |
| CN109784308A (en) | A kind of address error correction method, device and storage medium | |
| CN109960934A (en) | A kind of malicious requests detection method based on CNN | |
| CN116451081A (en) | Data drift detection method, device, terminal and storage medium | |
| CN113626826A (en) | Intelligent contract security detection method, system, equipment, terminal and application | |
| CN117727043A (en) | Training and image retrieval methods, devices and equipment of information reconstruction model | |
| CN117370980A (en) | Malicious code detection model generation and detection method, device, equipment and medium | |
| CN110851708B (en) | Negative sample extraction method, device, computer equipment and storage medium | |
| CN112348318A (en) | Method and device for training and applying supply chain risk prediction model | |
| CN116958809A (en) | Remote sensing small sample target detection method for feature library migration | |
| CN110929506A (en) | Junk information detection method, device and equipment and readable storage medium | |
| CN116483437A (en) | Cross-language or cross-library application program interface mapping method based on representation learning | |
| CN109739840A (en) | Data processing empty value method, apparatus and terminal device | |
| CN112348041A (en) | Log classification and log classification training method and device, equipment and storage medium | |
| CN114124564B (en) | Method and device for detecting counterfeit website, electronic equipment and storage medium | |
| CN114584372A (en) | Tor website fingerprint identification method based on attention mechanism and LSTM | |
| CN111833171A (en) | Abnormal operation detection and model training method, device and readable storage medium | |
| CN112784015A (en) | Information recognition method and apparatus, device, medium, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190702 |