基于混合深度学习架构的Web注入检测方法研究与实现

打开文本图片集

中图分类号：TP393.0；TP183 文献标识码：A 文章编号：2096-4706（2025）15-0072-06

Research and Implementation of Web Injection Detection Method Based on Hybrid Deep Learning Architecture

YUZhenyang，LIUYuanxia （GuangdongPolytechnic of Scienceand Technology，Zhuhai519o9o，China）

Abstract： Withthecontinuous increaseof network securitythreats，Webinjectionatacks have become oneof thecommon means ofattck.Traditional Web injectiondetectionmethods generallyhave problems suchasporadaptabilitydependenceon handerafted features，anddificultyindealingwithencryptionconfusionatacks.Therefore，thispaper proposesa Webinjection detection model based on hybrid Deep Learning architecture，which combines Convolutional Neural Network （CNN）and Long Short-Term Memory（LSTM）network toimprove thedetectionauracyofSQLinjection，XsSandotherattacks.The experiment iscarriedoutonthepublicdataset.Thismethodfrst efectivelyfiltersoutnoisedata throughmulti-levelcleaning， then combines TF-IDFvectorization（n-gramrange1～3）torepresent thedata，anduses CNN to extractlocal featuresandLSTM to modeltemporal dependencies toconstruct ahybrid neural networkstructure.Theexperimentalresultsshowthat themethod has high detection accuracy，which verifies its effectiveness and practicability.

Keywords：Web injection attack detection; Deep Learning; CNN;LSTM;AUC

0 引言

OWASP（开放式Web应用程序安全项目）定期发布针对Web应用的十种主要攻击手段（10大漏洞安全列表），该报告总结了Web应用最容易受到的攻击方式，可以有效帮助IT公司和IT开发团队进行针对性的防范和测试，进而提高Web应用产品的安全性[。（剩余9126字）