[Retracted] Class Image Processing Application of XSS Intrusion Intelligent Detection for Big Data in Campus Network Construction

Zhang, Zhe

doi:https://doi.org/10.1155/2022/6757104

Security and Communication Networks

On this page

Abstract Introduction Literature Review Conclusion Data Availability Conflicts of Interest References Copyright Related Articles

Research Article Retraction

!

This article has been Retracted. To view the article details, please click the ‘Retraction’ tab above.

Special Issue

Multiparty Computations, Co-operations, and Communications for Privacy and Network Security

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 6757104 | https://doi.org/10.1155/2022/6757104

[Retracted] Class Image Processing Application of XSS Intrusion Intelligent Detection for Big Data in Campus Network Construction

Zhe Zhang¹

Academic Editor: C. Venkatesan

Received07 Jun 2022

Revised17 Jun 2022

Accepted27 Jul 2022

Published17 Aug 2022

Abstract

In order to improve the effect of XSS intrusion intelligent detection, this paper proposes an application of big data-oriented XSS intrusion intelligent detection based on class image processing in the construction of university campus network. In this application, image like processing method is used for data acquisition, data cleaning, data sampling, feature extraction, and other data preprocessing; design a word vector quantization algorithm based on neural network to realize word vector quantization and get word vector big data; through theoretical analysis and derivation, a variety of deep neural network intelligent detection algorithms with different depths are realized; through experiments, it is found that the average recognition rate of each deep DNN for the class I big data set is about 99.44%, the variance is about 0.000002, and the standard deviation is about 0.001589; the average recognition rate of class II big data set is about 99.77%, the variance is about 0.000006, and the standard deviation is about 0.002427. The experimental results show that this method has the characteristics of high recognition rate, good stability, and excellent overall performance.

1. Introduction

With the continuous development of information technology, cyberspace has become the fifth frontier after land, sea, sky, and space. As one of the key national information infrastructures, the Internet has played a huge role in the political, military, economic, transportation, and other fields. In the transport sector, smart connectivity can improve road safety and efficiency and make traffic flow more smoothly. And in the logistics sector, smart connectivity has the potential to improve the efficiency and flexibility of the delivery of goods, making logistics faster and cheaper. At the same time, the frequency and scale of attacks in the network also show an increasing trend year by year [1]. For example, in the Internet security threat report released by the United States in 2019, it was pointed out that: (1) in terms of malware, the frequency of malware attacks decreased slightly, and the number of blackmail software attacks decreased by 20% for the first time since 2013, but the number of attacks against enterprises increased by 12%. In 2018, the number of mine hijacking attacks was four times that of 2017. (2) In terms of mobile devices, the number of ransomware infections on mobile devices increased by 33% compared with 2017. The United States is the hardest hit area for mobile malware, accounting for 63% of the total, followed by China (13%) and Germany (10%). (3) In terms of web attacks, the total number of Web attacks on endpoints increased by 56% in 2018. In December, more than 1.3 million web attacks could be intercepted on endpoint machines every day. (4) In terms of targeted attacks, supply chain attacks and off ground attacks have become the mainstream of cybercrime, with supply chain attacks increasing by 78% in 2018. (5) In terms of the Internet of things, the number of attacks on the Internet of things increased significantly in 2017, reaching an average of 5,200 attacks per month, and stabilized in 2018. In addition, attacks such as DDoS attacks, mining, web attacks, and physical attacks are common on the Internet. These attacks have caused huge economic losses and even seriously threatened national security and social stability [2]. Therefore, how to effectively protect attacks from the network has become an urgent problem to be solved, as shown in Figure 1.

2. Literature Review

Since the web field has attracted extensive attention, the problem of web security has attracted more and more attention, and the research on web security is more and more necessary [3]. As important intrusion information for attackers, web logs have always been a research hotspot in intrusion detection. Hotspot technology is required when using the same graphic of a web page as the carrier of multiple hyperlinks. When the visitor moves the eye cursor to the hot spot, the cursor will change to a hand shape by default. The hot spot has different shapes such as rectangular area and circular area. Ilyas and Alharbi established a rule base for SQL injection attacks and focused on how SQL injection bypasses the detection filter, which makes the matching accuracy of the rule base high [4]. Lian et al. proposed that the hidden Markov model (HMM) can be used to simulate system call sequence, which provides an application basis for anomaly detection using the hidden Markov model [5]. Mendonca et al. proposed an XSS attack detection method based on support vector machine SVM classifier. This method analyzes a large number of XSS attack samples, extracts the most representative features and vectorizes them, then trains and tests the SVM algorithm, and evaluates the detection effect of the classifier through three indicators: accuracy, recall, and false positive rate [6]. Fan and Sharma analyzed the characteristics of SQL injection and XSS attack, selected 6 attack characteristics, trained the attack characteristics using SVM algorithm, and verified the feasibility of training the characteristics of SQL injection and XSS attack on Weka [7]. Shriram et al. proposed a network anomaly detection framework based on outlier mining and detection. The framework uses random forest algorithm to build network service patterns on network data and uses the built patterns to detect intrusion [8]. Alharbi et al. proposed a network anomaly detection using outlier approach (nado) [9]. Nado first uses a mutation form of clustering algorithm to cluster normal data and then calculates reference points from each cluster and constructs behavior profiles. Finally, calculate the outlier score of each point to be detected relative to the reference point. If the score is above the user's threshold, it will be considered an anomaly.

The traditional computer virus detection method mainly uses the existing features in the virus feature database, extracts the features of the corresponding samples, and uses the virus database to search and compare whether there are matching features to determine the virus. This approach is usually based on knowledge of the disease. It is difficult to detect emerging viruses, especially for deformed viruses, and its efficiency is low, especially for big data. The current safety protection measures have changed from 80% protection +20% detection and response to 20% protection +80% detection and response [10]. Deep learning shows stronger learning ability than traditional machine learning methods in speech, image, and natural language processing, and has achieved very good results, especially for big data. Therefore, this paper studies the application of image processing oriented big data XSS intrusion intelligent detection in the construction of university campus network.

3. Research Methods

3.1. Big Data Processing and Modeling

Searching for negative websites is important, based on the analysis of the text, i. e., the number of extractions and physical visits, such as the number, mean, and variance of URL parameters, distribution of attributes, and frequency of visits. At present, there is a lack of sample data based on security protection, and few samples with labels. Therefore, data processing and modeling are required, including data acquisition, data preprocessing (data cleaning, data sampling, feature extraction), numerical analysis, and behavior decision making [11].

In the computer, any information is represented by 0 and 1 binary sequences. For example, all characters (including letters, Chinese characters, English words, and other languages) have a code; images are also represented by digital files. Therefore, in this paper, the big data log text is converted into numerical data and represented by a matrix so as to use the image processing method for data processing and analysis. That is, the attack message is converted into a matrix similar to image data, i. e. pixels, and the string sequence samples are also converted into vectors with corresponding dimension values. Further operations such as matrix correlation, dimension reduction, clustering, and PCA can be obtained, and then the artificial intelligence method is used for user behavior analysis, network traffic analysis, and fraud detection [12].

3.1.1. Corpus Big Data Acquisition

The data used for the experiment include two types of big data: positive sample big data (with attack behavior), which is obtained by crawling from the website http://xssed.com/ using crawler tools, and is composed of payload data; in order to reflect the particularity and universality of negative sample big data (normal network requests), two pieces of data were collected, one from the access log big data of our network center from May to December last year, and the other from various network platforms through web crawlers. They are all unprocessed corpus big data [13].

3.1.2. Big Data Processing

The continuous bag of words model (cbow), a word2vec tool based on neural network, is used to realize big data corpus processing, data cutting, word segmentation, and word vectorization. The one hot encoded word vector is mapped to a distributed word vector; this reduces dimensionality and sparsity. At the same time, the correlation degree of any word can be obtained by calculating the Euclidean distance or cosine of the included angle between vectors [14]. The specific treatment process is as follows:(1)First, traverse the dataset, replace all the numbers with 0, and replace http/, http/, HTTPS/, HTTPS with http://; secondly, word segmentation is carried out according to HTML tags, JavaScript function body, http://,and parameter rules; build vocabulary based on diary documents and then encode words independently [15].(2)The structure of word vectorization model based on neural network is constructed, including input layer, projection layer, and output layer. The model is trained with input samples to obtain distributed word vectors.(3)The positive sample word set is counted, and 3,000 words with the highest word frequency are used to form a thesaurus. The others are marked as com. In this paper, the feature vector distribution is set to 128 dimensions, the maximum dimension of the distance between the current word and the predicted word is 5, the noise is 64, and 5 iterations are performed. Because the character length of each data is different, the maximum character length is taken as the standard, and if it is insufficient, it is filled with -1. When designing labels for datasets, one hot coding is used. The positive sample labels that belong to attack samples are represented by 1, and the negative sample labels that belong to normal network requirements are represented by 0.

Through the above methods, a total of 40,637 positive sample datasets, 105,912 negative sample datasets, and 200,129 negative sample datasets are obtained, which are large in number and high in computational complexity. In order to improve the training results, the positive samples and two types of negative samples are mixed together, and randomly divided into training set and test set, with the quantity ratio of 7 : 3.

3.2. Algorithm Design

3.2.1. Word Vectorization Algorithm Design

Cbow is used to realize word vector, that is, the probability of current word occurrence is predicted with known context words [16]. To this end, it is necessary to maximize the log likelihood function as follows (1):where represents the words in corpus , which can be regarded as a multiclassification problem, and the multiclassification is composed of two classifications, so the hierarchical softmax method can be used [17]. First, we calculate the conditional probability of , and the formula is as follows (2):where means path; indicates the number of nodes; , ,…, represents each node; represents the code of word ; represents the code corresponding to the node in the path; represents the parameter vector corresponding to the nonleaf node on the path. Each term on the right in (2) is a logistic regression to obtain (3):

Since only takes 0 and 1, (3) can be expressed in exponential form as the following (4):

Substituting (4) into (1) yields (5):

Each item in (5) can be recorded as the following (6):

To maximize (5) composed of the sum of polynomials, each term can be maximized respectively, i. e., (6). The random gradient method is used for two parameters, one is the parameter vector of each node, and the other is the input of the output layer. Calculate the partial derivatives respectively to obtain the following (7):where is the sigmoid function. So, , substituting into (7) can get (8):

Finally, the iterative evaluation of is realized as follows:where is the learning rate. From (6), it can be seen that and are symmetric, so we can get that the partial derivative about is the following (10):

Since is the sum of the word vectors of the context, the entire updated value is applied to the word vectors of each word of the context during processing:where represents the context word vector.

Based on the above main algorithms, the model is established, and the word vector can be obtained by taking the original corpus as the input.

3.2.2. Deep Neural Network Algorithm Design

Compared with traditional neural networks or other ml algorithms, deep neural networks show excellent performance; especially for big data, it has the advantages of more identification, stronger robustness, and better generalization. Therefore, a deep neural network algorithm is designed to realize security protection detection, and the big data training model is adopted [18]. The mean square error during training can be expressed as the following equation (12):

In order to calculate the optimization parameters, the gradient descent method is used to minimize the function. Let the obtained partial derivatives be called the residual of each unit, and recorded as . The residual of the last layer (output layer) unit can be obtained as follows (13):

Next, when , the residuals of the units in each layer can be calculated. For example, the residuals of the units in layer are as follows (14):where represents the weight, represents the offset, represents the training sample, represents the final output, and represents the activation function. Replace the relationship between and in the formula with the relationship between and to obtain the following formula (15):

By using the above formula, the residual of each unit can be calculated so as to further calculate the partial derivative based on variables such as weights as the following formula (16) [19]:

Thus, the weight change process can be obtained as follows:

The change process of the offset term is [20]:

Thus, DNN learning and training can be realized [21].

4. Result Analysis

4.1. Experimental Data

Section 3.2 implements the acquisition, processing, modeling, word segmentation, and word vectorization of corpus big data. A total of 40,637 positive sample datasets, 105,912 negative sample datasets, and 200,129 negative sample datasets were obtained; the number is large and the computational complexity is high. In order to improve the training effect, the two types of negative sample sets are merged with the positive sample set, respectively, and are randomly divided into the training set and the test set in the ratio of 7 : 3, which are recorded as the first and second large datasets [2, 22].

4.2. Experimental Results and Analysis

Based on DNN, the depth of 3, 4, 5, 6, and 7 layers are constructed, respectively, and different superparameters are designed, including sample block size, learning rate, and the number of different neurons contained in each layer. A dataset of word-sized vectors for the model used for training and testing experiments. In order to test the stability of the system, 20 experiments were carried out on each type of data. The results are as follows:(1)Based on the different superparameters of each deep DNN design, the recognition rate obtained from 20 experiments on the class I big dataset. The lowest recognition rate is 0.9839, and the highest recognition rate is 0.9955. The recognition rate increases with the increase of training times and finally tends to be stable. The curve is shown in Figure 2.(2)Based on the different superparameters of each deep DNN design, the recognition rate obtained from 20 experiments on the class II large dataset. The minimum recognition rate is 0.9864 and the maximum recognition rate is 0.9990. The recognition rate increases with the increase of training times and finally tends to be stable. The curve is shown in Figure 3.

In addition, through experiments, it is found that the average recognition rate of each deep DNN for class I large dataset is about 99.44%, the variance is about 0.000002, and the standard deviation is about 0.001589, as shown in Table 1.

Similarly, through experiments, the average recognition rate of each deep DNN for class II large dataset is about 99.77%, the variance is about 0.000006, and the standard deviation is about 0.002427, as shown in Table 2.

The change process curve of average absolute error is obtained, as shown in Figure 4. It can be seen that the average absolute error decreases and tends to the minimum stable value with the progress of training.

5. Conclusion

In this paper, we use the image like processing method to process the word vector of big data in the access traffic corpus and realize the XSS intrusion intelligent detection for big data with the proposed intelligent algorithm. Firstly, based on the unstructured characteristics of traffic corpus data, image like processing methods are cleverly used for data acquisition, cleaning, sampling, and feature extraction; secondly, an algorithm based on neural network is designed to realize word vectorization of corpus big data; then, through theoretical analysis and verification, a variety of different deep neural network intelligent detection algorithms are proposed; finally, repeated experiments are carried out, different super parameters are designed, and the results such as maximum recognition rate, minimum recognition rate, mean value, variance, standard deviation, recognition rate change process curve, and average absolute error change process curve are obtained. It is proved that the image processing XSS intrusion intelligent detection system studied in this paper has the advantages of high recognition rate, good stability, and excellent overall performance. In order to better handle big data, we will continue to explore intelligent intrusion detection based on parallelization of cloud computing clusters in the future.

Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

S. Sandosh, V. Govindasamy, and G. Akila, “Enhanced learning vector quantization for detecting intrusions in ids,” International Journal of Web Portals, vol. 12, no. 1, pp. 57–72, 2020.
View at: Google Scholar
S. Einy, C. Oz, and Y. D. Navaei, “The anomaly- and signature-based ids for network security using hybrid inference systems,” Mathematical Problems in Engineering, vol. 2021, no. 9, pp. 1–10, 2021.
View at: Publisher Site | Google Scholar
N. Balasubramanian, A. Askarunisa, and A. Ruba, “Sos-ws host shield: a sketch-based service oriented shield against web application business layer ids attacks,” Computer Communications, vol. 153, pp. 626–631, 2020.
View at: Publisher Site | Google Scholar
M. U. Ilyas and S. A. Alharbi, “Machine learning approaches to network intrusion detection for contemporary internet traffic,” Computing, vol. 104, no. 5, pp. 1061–1076, 2022.
View at: Publisher Site | Google Scholar
W. Lian, G. Nie, B. Jia, D. Shi, Q. Fan, and Y. Liang, “An intrusion detection method based on decision tree-recursive feature elimination in ensemble learning,” Mathematical Problems in Engineering, vol. 2020, no. 9, pp. 1–15, 2020.
View at: Publisher Site | Google Scholar
R. V. Mendonca, A. A. M. Teodoro, R. L. Rosa et al., “Intrusion detection system based on fast hierarchical deep convolutional neural network,” IEEE Access, vol. 9, pp. 61024–61034, 2021.
View at: Publisher Site | Google Scholar
M. Fan and A. Sharma, “Design and implementation of construction cost prediction model based on svm and lssvm in industries 4.0,” International Journal of Intelligent Computing and Cybernetics, vol. 14, no. 2, pp. 145–157, 2021.
View at: Publisher Site | Google Scholar
S. Shriram, B. Nagaraj, J. Jaya, S. Shankar, and P. Ajay, “Deep learning-based real-time AI virtual mouse system using computer vision to avoid COVID-19 spread,” Journal of Healthcare Engineering, pp. 2021–2028, 2021.
View at: Publisher Site | Google Scholar
M. Alharbi, M. Roach, T. Cheesman, and R. S. Laramee, “Vnlp: visible natural language processing,” Information Visualization, vol. 20, no. 4, pp. 245–262, 2021.
View at: Publisher Site | Google Scholar
K. Haynes, H. Shirazi, and I. Ray, “Lightweight url-based phishing detection using natural language processing transformers for mobile devices,” Procedia Computer Science, vol. 191, no. 106505, pp. 127–134, 2021.
View at: Publisher Site | Google Scholar
X. Liu and Z. Ahmadi, “H2O and H2S Adsorption by Assistance of a Heterogeneous Carbon boron Nitrogen Nanocage: Computational study,” Main Group Chemistry, vol. 21, no. 01, pp. 185–193, 2021.
View at: Google Scholar
P. Ajay, B. Nagaraj, R. A. Kumar, R. Huang, and P. Ananthi, “Unsupervised hyperspectral microscopic image segmentation using deep embedded clustering algorithm,” Scanning, vol. 2022, Article ID 1200860, 2022.
View at: Google Scholar
S. D. Shirke and C. Rajabhushnam, “Local gradient pattern and deep learning-based approach for the iris recognition at-a-distance,” International Journal of Knowledge-Based and Intelligent Engineering Systems, vol. 25, no. 1, pp. 49–64, 2021.
View at: Publisher Site | Google Scholar
S. Alya Ev, M. Shahriari, D. Pardo, N. J. Omella, and E. Suter, “Modeling extra-deep em logs using a deep neural network,” Geophysics, vol. 86, no. 3, pp. 1–47, 2021.
View at: Google Scholar
J. Gu, W. Wang, R. Yin, C. V. Truong, B. P. Ganthia, and B. P. Ganthia, “Complex circuit simulation and nonlinear characteristics analysis of GaN power switching device,” Nonlinear Engineering, vol. 10, no. 1, pp. 555–562, 2021.
View at: Publisher Site | Google Scholar
L. Lihua, “Simulation physics-informed deep neural network by adaptive Adam optimization method to perform a comparative study of the system,” Engineering with Computers, vol. 38, no. S2, pp. 1111–1130, 2021.
View at: Publisher Site | Google Scholar
L. Chen, H. Xiong, X. Sang, C. Yuan, X. Li, and Q. Kong, “An innovative deep neural network–based approach for internal cavity detection of timber columns using percussion sound,” Structural Health Monitoring, vol. 21, no. 3, pp. 1251–1265, 2021.
View at: Publisher Site | Google Scholar
Y. He, “Application of biomimetic nanomaterials in biological detection and the intelligent recognition method of nanoparticle images,” Journal of Nanoelectronics and Optoelectronics, vol. 16, no. 1, pp. 23–30, 2021.
View at: Publisher Site | Google Scholar
H. Xiao, S. Ali, Z. Zhang, M. S. Sarfraz, F. Zhang, and M. Faisal, “Big data, extracting insights, comprehension, and analytics in cardiology: an overview,” Journal of Healthcare Engineering, vol. 2021, no. 7541, pp. 1–14, 2021.
View at: Publisher Site | Google Scholar
J. Wang and Y. Gao, “Suspect multifocus image fusion based on sparse denoising autoencoder neural network for police multimodal big data analysis,” Scientific Programming, vol. 2021, no. 3, pp. 1–12, 2021.
View at: Publisher Site | Google Scholar
H. Vajjha and P. Sushma, “Techniques and limitations in securing the log files to enhance network security and monitoring,” Solid State Technology, vol. 64, no. 2, pp. 1–8, 2021.
View at: Google Scholar
G. Veselov, A. Tselykh, A. Sharma, and R. Huang, “Special issue on applications of artificial intelligence in evolution of smart cities and societies,” Informatica, vol. 45, no. 5, p. 603, 2021.
View at: Google Scholar

Copyright

Copyright © 2022 Zhe Zhang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies