基于卷积神经网络的SQL注入检测技术详解<\/h1>

一、概述<\/h2>
本文详细讲解如何利用卷积神经网络(CNN)结合自然语言处理(NLP)技术来构建SQL注入检测系统。该系统能够有效识别SQL注入攻击，同时也能检测XSS攻击。<\/p>

二、数据集准备<\/h2>

2.1 数据集组成<\/h3>

系统使用三类数据集：<\/p>

训练集<\/strong>：用于训练检测模型

正常样本：24,500条<\/li>
SQL注入样本：25,527条<\/li>
XSS攻击样本：25,112条<\/li> <\/ul> <\/li>
验证集<\/strong>：用于训练过程中验证模型准确率

每类样本各10,000条<\/li> <\/ul> <\/li>
测试集<\/strong>：用于最终测试模型性能

每类样本各4,000条<\/li> <\/ul> <\/li> <\/ul>
2.2 数据样本示例<\/h3>

正常样本<\/strong>：
code%3Dzs_000001%2Czs_399001%2Czs_399006%26cb%3Dfortune_hq_cn%26_%3D1498591852632 <\/code><\/pre> <\/li> SQL注入样本<\/strong>： -9500%22%20WHERE%206669%3D6669%20OR%20NOT%20%284237%3D6337%29 <\/code><\/pre> <\/li> XSS注入样本<\/strong>： site_id%3Dmedicare%22%3E%3Cscript%3Ealert%281337%29%3C\/script%3E%2Casdf <\/code><\/pre> <\/li> <\/ul> 三、文本预处理<\/h2> 3.1 URL解码<\/h3> 由于样本大多经过URL编码，需要进行循环解码：<\/p> def<\/span> URLDECODE<\/span>(payload): <\/span><\/span> payload =<\/span> payload.<\/span>lower() <\/span><\/span> while<\/span> True<\/span>: <\/span><\/span> test =<\/span> payload <\/span><\/span> payload =<\/span> unquote(payload) <\/span><\/span> if<\/span> test ==<\/span> payload: <\/span><\/span> break<\/span> <\/span><\/span> return<\/span> payload <\/span><\/span><\/code><\/pre>3.2 数据规范化<\/h3> 为减少无关因素影响：<\/p> 将数字替换为"0"<\/li> 将URL替换为"http:\/\/u"<\/li> <\/ol> # 数字泛化为"0"<\/span> <\/span><\/span>payload, num =<\/span> re.<\/span>subn(r<\/span>'\d+'<\/span>, "0"<\/span>, payload) <\/span><\/span> <\/span><\/span># 替换URL为"http:\/\/u"<\/span> <\/span><\/span>payload, num =<\/span> re.<\/span>subn(r<\/span>'(http|https):\/\/[a-zA-Z0-9\.@&\/#!#\?]+'<\/span>, "http:\/\/u"<\/span>, payload) <\/span><\/span><\/code><\/pre>3.3 分词处理<\/h3> 使用正则表达式进行分词：<\/p> r =<\/span> '''(?x)[\w\.]+? <\/span><\/span><\/span> | \w+?<\/span>\'<\/span>\w+? <\/span><\/span><\/span> | http:\/\/\w <\/span><\/span><\/span> | <\/\w+> <\/span><\/span><\/span> | <\w+> <\/span><\/span><\/span> | <\w+ <\/span><\/span><\/span> | \w+=\w+ <\/span><\/span><\/span> | \.\.\. <\/span><\/span><\/span> | [\w\.]+'''<\/span> <\/span><\/span>return<\/span> nltk.<\/span>regexp_tokenize(payload, r) <\/span><\/span><\/code><\/pre>3.4 处理前后对比<\/h3> 处理前<\/strong>：<\/p> 1)))%252bAND%252b8941%25253d8941%252bAND \/yk10\/?page=54%20LIMIT%201%2C1%20UNION%20ALL%20SELECT%22C%20NULL%2C%20NULL%23 <\/code><\/pre> 处理后<\/strong>：<\/p> ['0'and', '0=', '0', 'and'] ['yk0', 'page=', '0', 'limit', '0', '0', 'union', 'all', 'select', 'null', 'null', 'null'] <\/code><\/pre> 四、词向量训练<\/h2> 使用Word2Vec将单词转化为计算机可理解的向量：<\/p> 4.1 Word2Vec模型<\/h3> Word2Vec有两种主要模型：<\/p> CBOW<\/strong>：通过上下文预测当前词<\/li> Skip-Gram<\/strong>：通过当前词预测上下文<\/li> <\/ol> 4.2 训练代码<\/h3> def<\/span> train_word2vec<\/span>(): <\/span><\/span> sentences =<\/span> MySentences(datadir) <\/span><\/span> cores =<\/span> multiprocessing.<\/span>cpu_count() <\/span><\/span> <\/span><\/span> if<\/span> os.<\/span>path.<\/span>exists(model_dir): <\/span><\/span> print("Find cache file <\/span>%s<\/span>"<\/span> %<\/span> model_dir) <\/span><\/span> model =<\/span> Word2Vec.<\/span>load(model_dir) <\/span><\/span> else<\/span>: <\/span><\/span> model =<\/span> Word2Vec(size=<\/span>max_features, window=<\/span>5<\/span>, <\/span><\/span> min_count=<\/span>10<\/span>, iter=<\/span>10<\/span>, workers=<\/span>cores) <\/span><\/span> model.<\/span>build_vocab(sentences) <\/span><\/span> model.<\/span>train(sentences, total_examples=<\/span>model.<\/span>corpus_count, <\/span><\/span> epochs=<\/span>model.<\/span>iter) <\/span><\/span> model.<\/span>save(model_dir) <\/span><\/span> print("save model complete!"<\/span>) <\/span><\/span><\/code><\/pre>4.3 词向量示例<\/h3> 单词"select"转化后的向量：<\/p> [ 5.525984 -2.4446 -0.9985928 -1.6910793 1.8828514 2.8958166 -0.0354603 -7.432402 -0.68348515 -4.0790896] <\/code><\/pre> 五、CNN模型构建与训练<\/h2> 5.1 网络结构<\/h3> 模型由三部分组成：<\/p> 卷积层<\/strong>：3层<\/li> 池化层<\/strong>：3层<\/li> 全连接层<\/strong><\/li> <\/ol> 5.2 训练代码<\/h3> def<\/span> train_cnn<\/span>(): <\/span><\/span> # 读取输入形状<\/span> <\/span><\/span> for<\/span> line in<\/span> open(".\/file\/INPUT_SHAPE"<\/span>): <\/span><\/span> input_shape =<\/span> int(line) <\/span><\/span> INPUT_SHAPE =<\/span> (input_shape, 16<\/span>) <\/span><\/span> <\/span><\/span> # 读取数据长度<\/span> <\/span><\/span> for<\/span> line in<\/span> open(".\/file\/len"<\/span>): <\/span><\/span> lens =<\/span> int(line) <\/span><\/span> data_size =<\/span> ceil(lens \/\/<\/span> (BATCH_SIZE *<\/span> NB_EPOCH)) <\/span><\/span> <\/span><\/span> # 读取验证集长度<\/span> <\/span><\/span> for<\/span> line in<\/span> open(".\/file\/valid_len"<\/span>): <\/span><\/span> valid_lens =<\/span> int(line) <\/span><\/span> valid_size =<\/span> ceil(valid_lens \/\/<\/span> (BATCH_SIZE *<\/span> NB_EPOCH)) <\/span><\/span> <\/span><\/span> # 构建模型<\/span> <\/span><\/span> model =<\/span> CNN.<\/span>build(input_shape=<\/span>INPUT_SHAPE, classes=<\/span>3<\/span>) <\/span><\/span> model.<\/span>compile(loss=<\/span>"categorical_crossentropy"<\/span>, <\/span><\/span> optimizer=<\/span>OPTIMIZER, <\/span><\/span> metrics=<\/span>["accuracy"<\/span>]) <\/span><\/span> <\/span><\/span> # 设置回调<\/span> <\/span><\/span> call =<\/span> TensorBoard(log_dir=<\/span>log_dir+<\/span>"cnn"<\/span>, write_grads=<\/span>True<\/span>) <\/span><\/span> checkpoint =<\/span> ModelCheckpoint(filepath=<\/span>'bestcnn'<\/span>, <\/span><\/span> monitor=<\/span>'val_acc'<\/span>, <\/span><\/span> mode=<\/span>'auto'<\/span>, <\/span><\/span> save_best_only=<\/span>'True'<\/span>) <\/span><\/span> <\/span><\/span> # 数据生成器<\/span> <\/span><\/span> next_batch =<\/span> data_generator(BATCH_SIZE, input_shape, ".\/file\/x_train"<\/span>) <\/span><\/span> next_valid_batch =<\/span> data_generator(BATCH_SIZE, input_shape, ".\/file\/x_valid"<\/span>) <\/span><\/span> <\/span><\/span> # 训练模型<\/span> <\/span><\/span> model.<\/span>fit_generator(batch_generator(next_batch, data_size), <\/span><\/span> steps_per_epoch=<\/span>data_size, <\/span><\/span> epochs=<\/span>NB_EPOCH, <\/span><\/span> callbacks=<\/span>[call, checkpoint], <\/span><\/span> validation_data=<\/span>batch_generator(next_valid_batch, data_size), <\/span><\/span> nb_val_samples=<\/span>valid_size) <\/span><\/span> <\/span><\/span> # 保存模型<\/span> <\/span><\/span> model.<\/span>save('cnn'<\/span>) <\/span><\/span> print("model save complete!"<\/span>) <\/span><\/span><\/code><\/pre>六、模型性能评估<\/h2> 6.1 测试结果<\/h3> SQL注入检测<\/strong>：<\/p> 准确率：97%<\/li> 误报率：3%<\/li> <\/ul> <\/li> XSS攻击检测<\/strong>：<\/p> 准确率：98%<\/li> 误报率：2%<\/li> <\/ul> <\/li> 正常样本检测<\/strong>：<\/p> 准确率：98%<\/li> 误报率：2%<\/li> <\/ul> <\/li> <\/ol> 七、系统工作流程<\/h2> 预处理阶段<\/strong>：<\/p> 对三组数据集进行分词和规范化处理<\/li> 训练得到词向量模型<\/li> <\/ul> <\/li> 训练阶段<\/strong>：<\/p> 使用词向量模型将训练集转化为向量<\/li> 使用CNN训练检测模型<\/li> <\/ul> <\/li> 检测阶段<\/strong>：<\/p> 使用训练好的模型对输入数据进行检测<\/li> 判断是否存在攻击行为<\/li> <\/ul> <\/li> <\/ol> 八、参考文献<\/h2> FreeBuf相关文章<\/a><\/li> Bonelee的博客<\/a><\/li> 刘焱. Web安全之深度学习实战 [M]. 机械工业出版社,2017.<\/li> <\/ol> 九、代码获取<\/h2> 项目代码已托管，具体地址请参考原文。<\/p> 注：本文基于fishyyh的原创文章，属于FreeBuf原创奖励计划，未经许可禁止转载<\/em><\/p>

基于卷积神经网络的SQL注入检测技术详解<\/h1>

一、概述<\/h2> 本文详细讲解如何利用卷积神经网络(CNN)结合自然语言处理(NLP)技术来构建SQL注入检测系统。该系统能够有效识别SQL注入攻击，同时也能检测XSS攻击。<\/p>

二、数据集准备<\/h2>

三、文本预处理<\/h2>

四、词向量训练<\/h2> 使用Word2Vec将单词转化为计算机可理解的向量：<\/p>

五、CNN模型构建与训练<\/h2>

六、模型性能评估<\/h2>

九、代码获取<\/h2> 项目代码已托管，具体地址请参考原文。<\/p> 注：本文基于fishyyh的原创文章，属于FreeBuf原创奖励计划，未经许可禁止转载<\/em><\/p>

一、概述<\/h2>
本文详细讲解如何利用卷积神经网络(CNN)结合自然语言处理(NLP)技术来构建SQL注入检测系统。该系统能够有效识别SQL注入攻击，同时也能检测XSS攻击。<\/p>

四、词向量训练<\/h2>
使用Word2Vec将单词转化为计算机可理解的向量：<\/p>

九、代码获取<\/h2>
项目代码已托管，具体地址请参考原文。<\/p>
注：本文基于fishyyh的原创文章，属于FreeBuf原创奖励计划，未经许可禁止转载<\/em><\/p>