• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学

• 计算机网络与信息安全 • 上一篇    下一篇

基于MLP-HMM的跨站脚本攻击检测

周康,万良,丁红卫   

  1. (贵州大学计算机科学与技术学院,贵州 贵阳 550025 )
  • 收稿日期:2018-09-12 修回日期:2019-01-25 出版日期:2019-08-25 发布日期:2019-08-25
  • 基金资助:

    贵州省科学基金黔科合J字[2011](2328);贵州省科学基金黔科合LH字[2014](7634)

A cross-site script detection method
based on MLP-HMM

ZHOU Kang,WAN Liang,DING Hong-wei   

  1. (School of Computer Science and Technology,Guizhou University,Guiyang 550025,China)
  • Received:2018-09-12 Revised:2019-01-25 Online:2019-08-25 Published:2019-08-25

摘要:

针对隐马尔科夫模型(HMM)在跨站脚本检测中对初始先验假设估计不准确和以极大似然准则规定的HMM参数分类能力差的缺陷,提出了一种基于MLP-HMM的跨站脚本检测模型。首先,使用自然语言处理(NLP)方法解决数据高维复杂性问题。然后,通过多层感知机(MLP)神经网络学习对整个模型进行权值微调得到初始观察矩阵。最后,将该观察矩阵代入HMM中,增强HMM参数构建能力和分类能力。结果表明,结合MLP的HMM相比于原始HMM以及传统算法在跨站脚本检测上检测率有显著提高,并缩短了检测时间。
 

关键词: 跨站脚本检测, 隐马尔科夫模型, 多层感知机, 极大似然估计, 观察矩阵

Abstract:

Given that the estimation of the initial priori hypothesis of the hidden Markov model (HMM) in the cross-station script detection is inaccurate, and the ability of the HMM parameter classification with the maximal likelihood criterion is poor, we propose a cross station script detection model based on MLP-HMM. Firstly, we use the natural language processing (NLP) approach to solve the high-dimensional complexity problem of data. Then, the weights of the whole model are fine-tuned to get the initial observation matrix through the multi-layer perceptron (MLP) neural network learning. Finally, the observation matrix is put into the HMM model to enhance the model's capacity of parameter construction and classification. Experimental results show that the HMM model combined with MLP can significantly improve the detection rate and reduce the detection time in comparison with the original HMM and the traditional algorithm in cross-site script detection.
 

Key words: cross-site script detection, hidden Markov model (HMM), multi-layer perceptron (MLP), maximum likelihood estimate, observation matrix