摘要
针对深度学习方法检测SQL注入时特征提取效果欠佳的问题,提出一种基于时空特征融合的检测模型SFFM。首先使用BERT预训练模型进行词嵌入,使用TextCNN提取SQL样本中不同粒度下的局部空间特征,同时使用BiGRU在保证训练效率的同时提取SQL样本的时序特征;再把提取到的特征送入Attention层进行全局语义信息提取;最后将提取到的特征进行融合,连接全连接层后送入softmax分类器进行分类检测。对比实验结果表明:SFFM模型获得了高达99.95%的准确率和99.90%的召回率,相较于CNN、LSTM和BERT-base模型,具有更好的检测效果。
Considering poor feature extraction effect in detecting SQL injection through employing the deep learning method,a SFFM(spatiotemporal feature fusion model)-based detection model was proposed. In which, having BERT pre-training model used for word embedding and TextCNN employed to extract local spatial features of SQL samples at different granularity;meanwhile, having BiGRU adopted to extract temporal features of the SQL samples while ensuring a training efficiency;then, having the extracted features sent to the attention layer for global semantic information extraction;finally, having the extracted features fused and connected to the full connection layer and sent to the softmax classifier for classification detection. A comparative experiment shows that, the SFFM-based detection model can achieve an accuracy rate of 99.95% and a recall rate of 99.90%, and the SFFM-based detection model, as compared to CNN,LSTM and BERT-base models with single or simple structure, has better detection effect.
作者
王清宇
王海瑞
朱贵富
孟顺建
WANG Qing-yu;WANG Hai-rui;ZHU Gui-fu;MENG Shun-jian(Faculty of Information Engineering and Automation,Kunming University of Science and Technology)
出处
《化工自动化及仪表》
CAS
2023年第2期207-215,共9页
Control and Instruments in Chemical Industry
基金
国家自然科学基金项目(61863016,61263023)。
关键词
SQL注入检测
时空特征融合
SFFM模型
注意力机制
词嵌入
SQL injection detection
spatialtemporal feature fusion
SFFM model
attention mechanism
word embedding
