面向电力信息系统日志数据的注入攻击特征提取方法

电力数据安全随着电力信息网与互联网的接入变得尤为严峻,其数据与规模愈加庞大复杂.为了对其进行有效的安全分析及特征提取,提出一种基于特征提取的SQL注入攻击检测模型.从Web访问日志中提取SQL注入语法特征和行为特征,得到语法特征矩阵和行为特征矩阵数据集.以漏报率和误报率为评价指标,选取K-means、Naive Bay...

INJECTION ATTACK FEATURE EXTRACTION METHOD FOR LOG DATA OF POWER INFORMATION SYSTEM

Power data security becomes especially important with the access of power information network and Internet.Its data and scale become more and more huge and complex.To effectively perform security analysis and feature extraction,a SQL injection attack detection model based on feature extraction is proposed.SQL injection syntactic feature and behavioral feature were extracted from the Web access logs,and two types of data sets were obtained for syntactic feature matrix and behavioral feature matrix.Based on the evaluation index of false positive rate and false negative rate,K-means,Naive Bayes,SVM and RF algorithms were selected to experiment on two types of data sets.The results show that the behavioral feature matrix has a better effect in SQL injection attack detection than using the syntactic feature matrix as the data set.In addition,the detection effect of SVM and RF is better,with lower false negative rate and false positive rate.The method proposed in this paper can effectively detect SQL injection attacks.