BiLSTM在跨站脚本检测中的应用研究

doi:10.3778/j.issn.1673-9418.1909035

摘要/Abstract

摘要：

目前传统的跨站脚本（XSS）检测技术大多使用机器学习方法，存在代码被恶意混淆导致可读性不高、特征提取不充分并且效率低等缺陷，从而导致检测性能不佳。针对上述问题，提出了使用双向长短时记忆网络检测跨站脚本攻击的方法。首先，对数据进行预处理，使用解码技术将跨站脚本代码还原到未编码状态，从而提高跨站脚本代码的可读性，再使用深度学习工具word2vec将解码后的代码转换为向量作为神经网络的输入；其次，使用双向长短时记忆网络双向学习跨站脚本攻击的抽象特征；最后，使用softmax分类器对学习到的抽象特征进行分类，同时使用dropout算法避免模型出现过拟合。对收集到的数据集进行实验，结果表明，与几种传统机器学习方法和深度学习方法相比，该检测方法表现出更优的检测性能。

关键词: 跨站脚本（XSS）, 解码技术, word2vec, 双向长短时记忆网络（BiLSTM）

Abstract:

At present, machine learning methods are used in the most traditional cross-site scripting (XSS) detection technologies, which have some defects, such as bad readability because of maliciously confused code, insufficient feature extraction and low efficiency, resulting in poor performance. According to these problems, a way used bidirectional long-short term memory (BiLSTM) network is proposed to detect the XSS attack. First, the data need to be preprocessed, the decoding technology is used to restore the XSS codes to the state before encoding to improve the readability, and the deep learning tool word2vec is used to convert the decoded codes into vectors as the input of the neural network. Then, BiLSTM network is used to bilaterally learn the abstract features of the attack. Finally, the softmax classifier is used to classify the learned abstract features and the dropout algorithm is used to avoid over fitting. The experimental results based on the collected datasets show that compared with several traditional machine learning methods and deep learning methods, this method has better detection performance.

Key words: cross-site scripting (XSS), decoding techniques, word2vec, bidirectional long-short term memory network (BiLSTM)

程琪芩，万良. BiLSTM在跨站脚本检测中的应用研究[J]. 计算机科学与探索, 2020, 14(8): 1338-1347.

CHENG Qiqin, WAN Liang. Application Research of BiLSTM in Cross-Site Scripting Detection[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(8): 1338-1347.

参考文献

[1] Hasib A A. Threats of online social networks[J]. International Journal of Computer Science and Network Security, 2009, 9(11): 88-293.
[2] Hydara I, Sultan A B M, Zulzalil H, et al. Current state of research on cross-site scripting (XSS)-A systematic literature review[J]. Information and Software Technology, 2015, 58: 170-186.
[3] Duchene F, Rawat S, Richier J L, et al. KameleonFuzz: evolutionary fuzzing for black-box XSS detection[C]//Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, San Antonio, Mar 3-5, 2014. New York: ACM, 2014: 37-48.
[4] Sarmah U, Bhattacharyya D K, Kalita J K. A survey of detection methods for XSS attacks[J]. Journal of Network and Computer Applications, 2018, 118: 113-143.
[5] Hadpawat T, Vaya D. Analysis of prevention of XSS attacks at client side[J]. International Journal of Computer Applications, 2017, 173(10): 1-4.
[6] Duchene F, Groz R, Rawat S, et al. XSS vulnerability detection using model inference assisted evolutionary fuzzing[C]//Proceedings of 5th IEEE International Conference on Software Testing, Verification and Validation, Montreal, Apr 17-21, 2012. Washington: IEEE Computer Society, 2012: 815-817.
[7] Duchene F, Rawat S, Richier J L, et al. LigRE: reverse- engineering of control and data flow models for black-box XSS detection[C]//Proceedings of the 2013 Working Conference on Reverse Engineering, Koblenz, Oct 14-17, 2013. Piscataway: IEEE, 2013: 252-261.
[8] Khan N, Abdullah J, Khan A S. Defending malicious script attacks using machine learning classifiers[J]. Wireless Communications and Mobile Computing, 2017, 8(6): 5326-5332.
[9] Wang R, Jia X Q, Li Q L, et al. Machine learning based cross-site scripting detection in online social network[C]//Proceedings of the 2014 IEEE International Conference on High Performance Computing and Communications, 6th IEEE International Symposium on Cyberspace Safety and Security, 11th IEEE International Conference on Embedded Software and Systems, Paris, Aug 20-22, 2014. Piscataway: IEEE, 2014: 823-826.
[10] Rathore S, Sharma P K, Park J H. XSSClassifier: an efficient XSS attack detection approach based on machine learning classifier on SNSs[J]. Journal of Information Processing Systems, 2017, 13(4): 1014-1028.
[11] Li Q L, Wang R, Jia X Q. Cross-site scripting detection in online social network based on classifiers and improved n-gram model[J]. Journal of Computer Applications, 2014, 34(6): 1661-1665. 李沁蕾, 王蕊, 贾晓启. OSN中基于分类器和改进n-gram模型的跨站脚本检测方法[J]. 计算机应用, 2014, 34(6): 1661-1665.
[12] Vishnu B A, Jevitha K P. Prediction of cross-site scripting attack using machine learning algorithms[C]//Proceedings of the 2014 International Conference on Interdisciplinary Advances in Applied Computing, Amritapuri, Oct 10-11, 2014. New York: ACM, 2014: 1-5.
[13] Gupta M K, Govil M C, Singh G. Text-mining based predictive model to detect XSS vulnerable files in Web applications[C]//Proceedings of the 2015 Annual IEEE India Conference, New Delhi, Dec 17-20, 2015. Piscataway: IEEE, 2015: 1-6.
[14] Guo X B, Jin S Y, Zhang Y X. XSS vulnerability detection using optimized attack vector repertory[C]//Proceedings of the 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, Xi??an, Sep 17-19, 2015. Washington: IEEE Computer Society, 2015: 29-36.
[15] Li Z, Zou D Q, Xu S H, et al. VulDeePecker: a deep learning-based system for vulnerability detection[C]//Proceedings of the 25th Annual Network and Distributed System Security Symposium, San Diego, Feb 18-21, 2018. The Internet Society, 2018: 1-15.
[16] Wu F, Wang J G, Liu J Q, et al. Vulnerability detection with deep learning[C]//Proceedings of the 3rd IEEE International Conference on Computer and Communications, Chengdu, Dec 13-16, 2017. Piscataway: IEEE, 2018: 1298-1302.
[17] Fang Y, Li Y, Liu L, et al. DeepXSS: cross site scripting detection based on deep learning[C]//Proceedings of the 2018 International Conference on Computing and Artificial Intelligence, Chengdu, Mar 12-14, 2018. New York: ACM, 2018: 47-51.
[18] Zeng Y, Yang H G, Feng Y S, et al. A convolution BiLSTM neural network model for Chinese event extraction[C]//LNCS 10102: Proceedings of the 5th CCF Conference on Natural Language Processing and Chinese Computing, and 24th International Conference on Computer Processing of Oriental Languages, Kunming, Dec 2-6, 2016. Berlin, Heidelberg: Springer, 2016: 275-287.
[19] Zhang L, Xiang F S. Relation classification via BiLSTM-CNN[C]//LNCS 10943: Proceedings of the 3rd International Conference on Data Mining and Big Data, Shanghai, Jun 17-22, 2018. Berlin, Heidelberg: Springer, 2018: 373-382.