Information Security, 2020, Issue 23




CLC number: TP393.08    Document code: A    Article ID: 2096-4706(2020)23-0153-07


Horizontal Privilege Escalation Vulnerability Detection Based on LSTM-AutoEncoder

LI Shuaihua, SUN Qinghe, ZHAO Mingyu

(State Grid Electric Vehicle Service Co., Ltd., Beijing 100053, China)

Abstract: To address the false positives that arise in horizontal privilege escalation detection when the pages belonging to privilege escalation scenarios cannot be identified, an unsupervised prediction model based on deep learning, LSTM-AutoEncoder, is proposed. The model uses LSTM (Long Short-Term Memory) to construct an autoencoder, which extracts text features from the response data of horizontal privilege escalation scenario pages and reconstructs them. It then calculates the error between the reconstructed result and the original page response, and judges whether a horizontal privilege escalation detection result is a false positive based on the error threshold of the unknown page. Through comparison with two algorithms, One-Class SVM and AutoEncoder, the effectiveness of the model is tested on real business data, which provides a guarantee for the security of corporate network services.

Keywords: LSTM-AutoEncoder model; horizontal privilege escalation; deep learning; cyber security; vulnerability detection




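About the authors:

LI Shuaihua (b. 1983), male, Han ethnicity, from Shuozhou, Shanxi; senior engineer, master's degree; research interests: network and information security, artificial intelligence and cyber security.

Corresponding author:

SUN Qinghe (b. 1995), male, Han ethnicity, from Suzhou, Anhui; engineer, bachelor's degree; research interests: network and information security.

ZHAO Mingyu (b. 1997), male, Han ethnicity, from Linfen, Shanxi; bachelor's degree, engineer; research interests: network and information security.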