结合CNN和LSTM改进的XSS攻击检测工具

Anais Estendidos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2021) Pub Date : 2021-10-04 DOI:10.5753/sbseg_estendido.2021.17333

Caio Lente, R. Hirata Jr., D. Batista

{"title":"结合CNN和LSTM改进的XSS攻击检测工具","authors":"Caio Lente, R. Hirata Jr., D. Batista","doi":"10.5753/sbseg_estendido.2021.17333","DOIUrl":null,"url":null,"abstract":"Cross-Site Scripting (XSS) is still a significant threat to web applications. By combining Convolutional Neural Networks (CNN) with Long ShortTerm Memory (LSTM) techniques, researchers have developed a deep learning system called 3C-LSTM that achieves upwards of 99.4% accuracy when predicting whether a new URL corresponds to a benign locator or an XSS attack. This paper improves on 3C-LSTM by proposing different network architectures and validation strategies and identifying the optimal structure for a more efficient, yet similarly accurate, version of 3C-LSTM. The authors identify larger batch sizes, smaller inputs, and cross-validation removal as modifications to achieve a speedup of around 3.9 times in the training step.","PeriodicalId":102643,"journal":{"name":"Anais Estendidos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2021)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"An Improved Tool for Detection of XSS Attacks by Combining CNN with LSTM\",\"authors\":\"Caio Lente, R. Hirata Jr., D. Batista\",\"doi\":\"10.5753/sbseg_estendido.2021.17333\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cross-Site Scripting (XSS) is still a significant threat to web applications. By combining Convolutional Neural Networks (CNN) with Long ShortTerm Memory (LSTM) techniques, researchers have developed a deep learning system called 3C-LSTM that achieves upwards of 99.4% accuracy when predicting whether a new URL corresponds to a benign locator or an XSS attack. This paper improves on 3C-LSTM by proposing different network architectures and validation strategies and identifying the optimal structure for a more efficient, yet similarly accurate, version of 3C-LSTM. The authors identify larger batch sizes, smaller inputs, and cross-validation removal as modifications to achieve a speedup of around 3.9 times in the training step.\",\"PeriodicalId\":102643,\"journal\":{\"name\":\"Anais Estendidos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2021)\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Anais Estendidos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2021)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5753/sbseg_estendido.2021.17333\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Anais Estendidos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2021)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5753/sbseg_estendido.2021.17333","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

跨站点脚本(XSS)仍然是web应用程序的一个重大威胁。通过将卷积神经网络(CNN)与长短期记忆(LSTM)技术相结合，研究人员开发了一种名为3g -LSTM的深度学习系统，在预测新URL是否对应于良性定位器或XSS攻击时，准确率高达99.4%。本文对3C-LSTM进行了改进，提出了不同的网络架构和验证策略，并确定了更有效但同样准确的3C-LSTM版本的最佳结构。作者确定了更大的批量大小，更小的输入，以及交叉验证的删除作为修改，以在训练步骤中实现大约3.9倍的加速。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Improved Tool for Detection of XSS Attacks by Combining CNN with LSTM

Cross-Site Scripting (XSS) is still a significant threat to web applications. By combining Convolutional Neural Networks (CNN) with Long ShortTerm Memory (LSTM) techniques, researchers have developed a deep learning system called 3C-LSTM that achieves upwards of 99.4% accuracy when predicting whether a new URL corresponds to a benign locator or an XSS attack. This paper improves on 3C-LSTM by proposing different network architectures and validation strategies and identifying the optimal structure for a more efficient, yet similarly accurate, version of 3C-LSTM. The authors identify larger batch sizes, smaller inputs, and cross-validation removal as modifications to achieve a speedup of around 3.9 times in the training step.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Anais Estendidos do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg Estendido 2021)

自引率

0.00%

发文量