In recent years, deep learning–based attack detection techniques have been extensively studied in the security domain. However, due to their black-box nature, such methods struggle to provide reliable interpretation for their detection results, which limits their practical applicability. To offer trustworthy evidence for attack detection, namely, to accurately identify attack payloads, existing approaches still face several key challenges. First, they tend to capture correlational features rather than causal ones. Second, they provide only token-level, discrete localization of payloads. Third, they fail to ensure the syntactic integrity of the identified payload segments.

To address the aforementioned challenges, the Cybersecurity Team of our center proposes Dual-tower Contrastive Attention Fusion (DCAF), a novel approach that enables segment-level interpretation of web attack payloads in detection tasks. This approach leverages contrastive learning to guide the model to focus on the feature discrepancies between benign and malicious requests, as well as the subtle distinctions among different attack types, thereby effectively capturing payload characteristics. Furthermore, it integrates intrinsic data features with internal model signals to construct a comprehensive importance metric. Finally, a length-penalized Kadane algorithm is designed to identify contiguous high-importance segments rather than isolated tokens. Combined with syntax-aware pruning, this approach enables precise delineation of complete malicious payloads. Experimental results on real-world datasets demonstrate that, compared with SOTA methods, DCAF improves payload identification accuracy by 64.26%.

This research achievement has been accepted by DSN 2026, a recommended Class B conference by the China Computer Federation (CCF) and a leading academic venue in the fields of dependable systems and network security. The first author of the paper is Yue Yang, a PhD candidate at our center, and the corresponding author is Senior Engineer Long Chun. This work was jointly supported by the Young Scientist Project of the National Key R&D Program of China (2025YFB3110000) and the Youth Innovation Promotion Association of the Chinese Academy of Sciences (2023181).

Overview of DCAF

Related Publication：Yue Yang, Jing Zhao, Changhua Pei, Wei Wan, Chun Long*, Guanyao Du, Yawei Liu and Jingjing Li, “Beyond Token Attention: Contiguous and Interpretable Payload Identification for Web Attacks.” The 56th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Charlotte, USA, 2026.