With the rapid development of the Internet, Internet products such as e-commerce platforms and social networking sites bring convenience to people. Meanwhile, the issue of network security is increasingly prominent. As a simulation training field for network attack and defense, the purpose of the cyber range is to improve the attack skills of the participants in the process of attack and defense training. By studying and analyzing the attack and defense data produced during training in the cyber range, the training situation can be understood quickly and effectively. Intrusion detection technology is generally used to detect and record these attack and defense data. Web attack and defense is an important module: studying its attack and defense methods and improving the efficiency of Web intrusion detection can effectively improve the level of the training personnel.

This thesis studies Web intrusion detection technology in the cyber range. The features, methods, and defense methods of Web intrusion behavior are analyzed, as well as the concepts, principles, processes, and characteristics of intrusion detection technology. The main work is as follows:

1. The text features of SQL injection and XSS attacks are extracted using word2vec, to solve the problem that manual feature extraction requires a lot of security knowledge and that the extracted features cannot fully represent the characteristic attributes of the attack payload. First, some words in black samples are selected as attack words by statistical and manual screening, and then word2vec is used to train on the feature words to generate an attack semantic model.

2. Because the traditional feature matching method cannot identify unknown attacks, machine learning is used to classify and detect Web intrusion behavior. First, the trained word vector model is used to quantify the SQL injection and XSS attacks as vectors, and then the SVM algorithm is used to carry out classification detection; the detection results for different word vector dimensions and numbers of words are compared.

3. A Web intrusion detection simulation experiment and an application experiment in the cyber range are designed, and the classification effect on different attack types is compared between SVM using manually extracted features and SVM using word2vec features. Experiments show that the accuracy of SQL injection and XSS attack detection can reach over 96% and the false positive rate is low.
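The attack-word selection step in item 1 (statistical plus manual screening of words from black samples, before word2vec training) can be sketched as follows. This is an added example, not code from the thesis: the tokenizer, the sample payloads, the `UNK` placeholder and the thresholds are all assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed samples (not from the thesis): black = attack payloads, white = benign.
BLACK = [
    "id=1' OR '1'='1",
    "id=1 UNION SELECT username, password FROM users--",
    "q=%3Cscript%3Ealert(1)%3C/script%3E",
    "name=<img src=x onerror=alert(1)>",
    "id=2' union select null,version()--",
]
WHITE = [
    "id=42",
    "q=select+a+cyber+range+course",
    "name=alice&page=2",
    "q=union square hotels",
]

# Words, numbers, SQL comment markers, then single structural symbols.
TOKEN = re.compile(r"[a-z_]+|\d+|--|/\*|\*/|[<>'\"=();/]")

def tokenize(payload):
    """URL-decode, lowercase, split into words/symbols, collapse numbers to '0'."""
    text = unquote_plus(payload).lower()
    return ["0" if t.isdigit() else t for t in TOKEN.findall(text)]

def select_attack_words(black, white, manual=(), min_black=2, ratio=1.8):
    """Statistical screening: keep tokens common in black samples and rare in
    white ones; `manual` holds the analyst-chosen words (manual screening)."""
    b = Counter(t for p in black for t in set(tokenize(p)))
    w = Counter(t for p in white for t in set(tokenize(p)))
    vocab = set(manual)
    for tok, n in b.items():
        black_rate = n / len(black)
        white_rate = (w[tok] + 1) / (len(white) + 1)  # add-one smoothing
        if n >= min_black and black_rate / white_rate >= ratio:
            vocab.add(tok)
    return vocab

def to_corpus_sentence(payload, vocab):
    """Token list for word2vec training; non-attack words become 'UNK'."""
    return [t if t in vocab else "UNK" for t in tokenize(payload)]
```

On these samples the statistical pass alone drops `union` and `select`, because they also occur in benign queries, which is the kind of gap the manual screening step covers.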