
Web service threat detection method based on traffic interaction graph analysis

余北缘 1, 曾广杰 2, 彭浩 1, 刘建伟 1, 李洪亮 3, 谭学士 3

Chinese Journal of Network and Information Security (网络与信息安全学报), 2026, Vol. 12, Issue (2): 41-54, 14. DOI: 10.11959/j.issn.2096-109x.AQ25264

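Author information

  • 1. School of Cyber Science and Technology, Beihang University, Beijing 100191
  • 2. School of Computer Science and Engineering, Beihang University, Beijing 100191
  • 3. Qi An Xin Technology Group Inc., Beijing 100088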


Abstract

With the continuous expansion of Web service functionalities, the security threats they face have become increasingly severe, leading to growing demands for service security and reliability. As service resources scale up, the attack surface widens and attacker capabilities strengthen, resulting in a rise in unknown threats and swarm attacks. Particularly in real-world network environments where large amounts of unlabeled traffic data exist, key challenges include achieving lightweight characterization of Web service traffic interactions, effectively detecting multi-source threats, and constructing a detection model with good interpretability in an unlabeled environment. These issues are critical to overcoming current security bottlenecks. To address these challenges, a lightweight traffic interaction graph construction method based on traffic analysis was proposed for efficient characterization. By introducing the structural entropy game partitioning mechanism, adaptive partitioning of the communities in the traffic interaction graph was achieved. On this basis, the topological characteristics of community subgraphs were analyzed, and key communities were identified through graph metric ranking. Furthermore, a Z-score-based adaptive threat vertex detection method was proposed to effectively identify high-threat vertices in key communities. Simultaneously, a structural entropy-based swarm threat detection method was introduced to accurately detect swarm threat entities. The proposed method operates without relying on prior knowledge or data labels, while maintaining adaptability to unknown threats, robustness to encrypted traffic, and good interpretability. Experimental results on public datasets and real-world network traffic data demonstrated that the method could effectively identify various entities and attack behaviors that threaten the availability of Web services, achieving high detection accuracy and practical engineering application value.

Key words

Web security / threat detection / traffic interaction graph / structural information theory

Classification

Information technology and security science

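Cite this article

余北缘, 曾广杰, 彭浩, 刘建伟, 李洪亮, 谭学士. Web service threat detection method based on traffic interaction graph analysis[J]. Chinese Journal of Network and Information Security, 2026, 12(2): 41-54, 14.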

Funding

The National Key Research and Development Program of China (No.2024YFB3108901)

The National Natural Science Foundation of China (No.U21B2021, No.62472015, No.62202027)

Chinese Journal of Network and Information Security

ISSN 2096-109X
