V. Pham, Nghi Hoang Khoa, N. H. Quyen, Phan The Duy
{"title":"基于网络陷阱和MLOps的Web攻击检测欺骗和持续训练方法","authors":"V. Pham, Nghi Hoang Khoa, N. H. Quyen, Phan The Duy","doi":"10.32508/stdj.v26i2.4044","DOIUrl":null,"url":null,"abstract":"With the growth and expansion of the internet, web attacks have become more powerful and pose a significant threat in the cyber world. In response to this, this paper presents a deceptive approach for gathering malicious behavior to understand the strategies used by web attackers. The harmful requests collected through cyber traps or honeypots are analyzed and used to train machine learning (ML) models for web attack detection. Additionally, we implement an ML operations (MLOps) pipeline to automate the continuous training and deployment of these ML models in defensive systems. This pipeline trains the production model with newly collected data by using predefined triggers. Our experiments on two datasets, including Fwaf and our own, demonstrate that a proactive and continuous approach to tracking adversary behavior can effectively detect zero-day attacks, such as CVE-2022-26134 in web application servers.","PeriodicalId":160917,"journal":{"name":"Science & Technology Development Journal","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Deception and Continuous Training Approach for Web Attack Detection using Cyber Traps and MLOps\",\"authors\":\"V. Pham, Nghi Hoang Khoa, N. H. Quyen, Phan The Duy\",\"doi\":\"10.32508/stdj.v26i2.4044\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the growth and expansion of the internet, web attacks have become more powerful and pose a significant threat in the cyber world. In response to this, this paper presents a deceptive approach for gathering malicious behavior to understand the strategies used by web attackers. The harmful requests collected through cyber traps or honeypots are analyzed and used to train machine learning (ML) models for web attack detection. Additionally, we implement an ML operations (MLOps) pipeline to automate the continuous training and deployment of these ML models in defensive systems. This pipeline trains the production model with newly collected data by using predefined triggers. Our experiments on two datasets, including Fwaf and our own, demonstrate that a proactive and continuous approach to tracking adversary behavior can effectively detect zero-day attacks, such as CVE-2022-26134 in web application servers.\",\"PeriodicalId\":160917,\"journal\":{\"name\":\"Science & Technology Development Journal\",\"volume\":\"52 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Science & Technology Development Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.32508/stdj.v26i2.4044\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science & Technology Development Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32508/stdj.v26i2.4044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Deception and Continuous Training Approach for Web Attack Detection using Cyber Traps and MLOps
With the growth and expansion of the internet, web attacks have become more powerful and pose a significant threat in the cyber world. In response to this, this paper presents a deceptive approach for gathering malicious behavior to understand the strategies used by web attackers. The harmful requests collected through cyber traps or honeypots are analyzed and used to train machine learning (ML) models for web attack detection. Additionally, we implement an ML operations (MLOps) pipeline to automate the continuous training and deployment of these ML models in defensive systems. This pipeline trains the production model with newly collected data by using predefined triggers. Our experiments on two datasets, including Fwaf and our own, demonstrate that a proactive and continuous approach to tracking adversary behavior can effectively detect zero-day attacks, such as CVE-2022-26134 in web application servers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
