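In the field of network security, cross-site scripting attacks remain one of the most common and highly damaging vulnerabilities. Many deep learning-based models for detecting cross-site scripting payloads have been proposed against this attack, but they still tend to fail when facing novel or mutated malicious payloads, causing defense systems to produce false positives or false negatives.
To solve this problem, this study proposes a self-learning framework based on large language models. It draws on the advantages of large language models, namely semantic understanding, low setup cost, and rapid deployment, which allow them to generate semantically diverse and penetrating attack samples more efficiently than traditional reinforcement learning approaches. The framework automatically generates adversarial cross-site scripting payloads capable of penetration and uses them as training data for deep learning models to continuously strengthen their detection capability.
The framework combines large language models, adversarial sample design, and an automatic feedback mechanism, so that the detection model can continually confront and learn from new attacks in an experimental environment, thereby improving its robustness and generalization ability. Experimental results show that models trained with this method effectively improve detection accuracy on mutated payloads, demonstrating the method's potential for proactive defense design.

Cross-site scripting (XSS) remains one of the most prevalent and dangerous web security threats. Although many deep learning-based models have been proposed for detecting XSS attacks, they often fail to detect novel or obfuscated payloads, resulting in false negatives and system vulnerabilities.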
To solve this problem, this research proposes a self-learning framework using large language models (LLMs). The framework can automatically create XSS attack payloads that are able to get past common security filters. By leveraging the semantic understanding, low training cost, and rapid deployment capabilities of LLMs, this framework outperforms traditional RL-based approaches in efficiently generating diverse and hard-to-detect attack samples. These generated payloads are then used to improve the robustness of deep learning-based detection models.
The proposed framework combines an LLM, adversarial sample creation, and a feedback loop to simulate a continuous attack-defense situation. This allows the detection model to learn from new attack samples and improve its ability to handle different types of attacks. Test results show that the model trained with LLM-generated attack payloads improves its robustness against evasive attacks. This work shows that using LLMs with self-learning systems can help build more active and effective cybersecurity solutions.