Abstract: Cross-site scripting (XSS) attacks, SQL injection attacks, and command injection attacks are among the most prevalent types of web attacks, accounting for 58.3% of all web attacks according to statistical findings. Numerous detection methods have been developed to address these injection attacks, primarily focusing on analyzing the URL portion of HTTP requests to determine whether they constitute an attack. Our analysis of injection attack alerts generated by an IDS deployed in a real network reveals that only 4.26% of the attack payloads are located within the URL segment. This indicates that current detection methods, when applied to real-world networks, may result in a significant number of false negatives. Furthermore, existing methods fail to analyze the relationships between different fields of HTTP messages to uncover deeper latent features of attack payloads. To address these limitations, we propose an injection attack detection method called GCN-InjectionDetect, which is based on graph convolutional neural networks (GCNs). GCN-InjectionDetect converts an entire HTTP message into a graph and uses GCN models to classify graph nodes, thereby achieving comprehensive injection attack detection. Experimental results demonstrate that GCN-InjectionDetect achieves a maximum detection accuracy of 99.2%, representing an improvement of up to 8.65% compared to similar methods.
External IDs: dblp:conf/wise/WanPLZDWL25