Design And Implementation Of Web Application Firewall System Based On Bert Model

With the rapid development of Internet technologies,the dominant network architecture of the internet is gradually shifting from the traditional Client/Server(C/S)architecture to the Browser/Server(B/S)based centralized architecture.As the web application services are experiencing an exponential increase in the numbers,the network security issues in web application have attracted enormous attention due to frequent incidents related to network security.Not only considerable economic losses,but also privacy leakage of users lead to the requirement of effective protection measures.Derived from the defense strategy,web application firewalls have been promoted as solutions to protect web application services.Numerous corporations and laboratories of universities are actively researching efficient attack detection algorithms to protect web application services.However,most of the commercial web application firewalls are still lack of a visual display of attack path,and as a result,cannot provide an intuitive presentation to web application developers.This thesis presents an investigation into web attack identification that is achieved by text classification.The highlight of the novel attack detection system in this thesis is the fine-tuning of Bert model that incorporates the current status of web application attack.Combined with other opensource firewall components,the optimized Bert model system successfully reduces the rate of missing report and errors for web application firewalls.Taking advantage of tuned Bert model that can complete more accurate attack detection,a web application firewall system with multiple functions,including accessing application,attack detection and attack data display,is constructed based on B/S architecture,in which Mod Security provides users with multiple detection routes,Spark Streaming and Flume play a role in completing the real-time calculation of attack detection data stream.In detail,the novel attack detection system incorporates four main functions: user management,attack detection,application management and data analysis.According to tested results,this system has a high recognition rate for Web attack requests and can handle a large number of firewall logs.More importantly,it can make attack data visually accessible.Overall,the system operates smoothly,featuring high stability and strong usability.There are there innovations in this thesis:The first is the design and optimization of attack detection module.In this thesis,the attack detection problem is transformed into a text classification problem.The Bert model,which has been widely used with high accuracy in recent years,is selected as the baseline model.The highfrequency words appearing in Web requests is added to the vocabulary database.The Bert Chinese model is used for pre-training while being fine-tuned to be calibrated to the current small scale of attack detection data set.The learning rate is adjusted in time according to the training effect.When the multi-round training fails to improve the classification effect,the training task is terminated early and the Mean-Max Pooling and weight attenuation schemes are used to prevent the overfitting problem that arises from the model being too large while data set being too small.The second is the Web application firewall micro servicing.The web application firewall system adopts the concept of micro servicing and provides the web application firewall as a service to developers.Developers can access and configure applications separately to fulfill their own needs,which solves the complexity problem of firewall configuration for existing web applications to a certain extent that also reduces the side effect on the whole network system when the firewall configuration is changed.These advantages make it suitable for teams with more demands and faster iterations.The third is the visualization of Web application firewall data.The use of Spark Streaming combined with Flume ensures the real-time calculation of attack detection data stream and guarantees the control of the application security in time,solving the black box problem with traditional Web firewalls.In this system,data calculation is timely,chart data is clear,developer’s actual demands are met.In conclusion,the web application firewall system presented in this thesis features the optimized Bert model for attack detection,which reduces the rate of missing report and errors for web application firewalls,providing servicing management of Web applications and data analysis with promising practicality.The other functions solve the complexity problem of existing Web application firewalls and improve display of defense results.In practical applications,this system supports the selection of distinctive security strategies to meet the individual needs of different users.Acting as an efficient solution to the problems of insufficient accuracy of Web application firewalls and insufficient analysis of defense results,this system has high value in practical application.