Abstract
With the development of the Internet and the increased popularity of web applications, the web has become one of the main venues for attackers engaging in cybercrimes. While enjoying the convenience of web applications, consumers also face security problems, such as the leakage of sensitive information and Internet fraud. Security protection mechanisms, such as traditional intrusion detection systems (IDSs) and web application firewalls (WAFs), are becoming incompetent at defending against the new cyber-attacks. In this paper, we propose a web attack detection approach that takes advantage of analysing the malicious intentions hidden in user actions. First, after using the independent user behaviours to build a sequential behaviour model, the proposed approach extracts the hidden malicious intentions of attackers from normal and seemingly normal behaviours utilizing a Long Short-Term Memory (LSTM) network. Then, on the basis of the user intentions, the approach leverages ensemble learning techniques to integrate extra inherent features of abnormal behaviour, resulting in its efficient practicality. The experimental results show the effectiveness of the proposed approach on the CSIC 2010 dataset with 99.87% accuracy.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
OWASP Top Ten https://owasp.org/www-project-top-ten/. Accessed 02 July 2020
Kar, D., Panigrahi, S., Sundararajan, S.: SQLiDDS: SQL injection detection using query transformation and document similarity. In: Natarajan, R., Barua, G., Patra, M.R. (eds.) ICDCIT 2015. LNCS, vol. 8956, pp. 377–390. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14977-6_41
Johari, R., Sharma, P.: A survey on web application vulnerabilities (SQLIA, XSS) exploitation and security engine for SQL injection. In: 2012 International Conference on Communication Systems and Network Technologies, Piscataway, pp. 453–458. IEEE (2012)
Kuang, X., et al.: DeepWAF: detecting web attacks based on CNN and LSTM models. In: Vaidya, J., Zhang, X., Li, J. (eds.) CSS 2019. LNCS, vol. 11983, pp. 121–136. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-37352-8_11
Zhang, M., Xu, B., Bai, S., Lu, S., Lin, Z.: A deep learning method to detect web attacks using a specially designed CNN. In: Liu, D., Xie, S., Li, Y., Zhao, D., El-Alfy, E.-S.M. (eds.) ICONIP 2017. LNCS, vol. 10638, pp. 828–836. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70139-4_84
Liang, J., Zhao, W., Ye, W.: Anomaly-based web attack detection: a deep learning approach. In: Proceedings of the 2017 VI International Conference on Network, Communication and Computing (ICNCC 2017), New York, pp. 80–85. ACM (2017)
Liu, T., Qi, Y., Shi, L., et al.: Locate-then-detect: real-time web attack detection via attention-based deep neural networks. In: Twenty-Eighth International Joint Conference on Artificial Intelligence IJCAI-19, Morgan Kaufmann, San Francisco, pp. 4725–4731 (2019)
Corona, I., Ariu, D., Giacinto, G.: HMM-Web: a framework for the detection of attacks against web applications. In: 2009 IEEE International Conference on Communications, Piscataway, pp. 1–6. IEEE (2009)
Ito, M., Iyatomi, H.: Web application firewall using character-level convolutional neural network. In: 2018 IEEE 14th International Colloquium on Signal Processing & Its Applications (CSPA), Piscataway, pp. 103–106. IEEE (2018)
Tian, Z., Luo, C., Qiu, J., Du, X., Guizani, M.: A distributed deep learning system for web attack detection on edge devices. IEEE Trans. Ind. Inform. 16(3), 1963–1971 (2020)
HTTP DATASET CSIC 2010. https://www.isi.csic.es/dataset/. Accessed 02 July 2020
Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. In: 1st International Conference on Learning Representations, ICLR 2013 (2013)
Le, Q., Mikolov, T.: Distributed representations of sentences and documents. In: Proceedings of the 31st International Conference on International Conference on Machine Learning - Volume 32 (ICML 2014), pp. 1188–1196. ACM, New York (2014)
Pennington, J., Socher, R., Manning, C.: Glove: global vectors for word representation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing, Stroudsburg, pp. 1532–1543. ACL (2014)
Qiu, M., Ming, Z., Li, J., Liu, S., Wang, B., Lu, Z.: Three-phase time-aware energy minimization with DVFS and unrolling for chip multiprocessors. J. Syst. Arch. 58, 439–445 (2012)
Qiu, M., Sha, H.M., Liu, M., et al.: Energy minimization with loop fusion and multi-functional-unit scheduling for multidimensional DSP. J. Parallel Distrib. Comput. 68, 443–455 (2008)
Shao, Z., Xue, C., Zhuge, Q., et al.: Security protection and checking in embedded system integration against buffer overflow attacks. IEEE Trans. Comput. 55, 443–453 (2006)
Qiu, M., Chen, Z., Niu, J., et al.: Data allocation for hybrid memory with genetic algorithm. IEEE Trans. Emerg. Top. Comput. 3, 544–555 (2015)
Li, J., Ming, Z., Qiu, M., et al.: Resource allocation robustness in multi-core embedded systems with inaccurate information. J. Syst. Arch. 57(9), 840–849 (2011)
Acknowledgement
This work was supported by the National Natural Science Foundation of China (Grant No. 61672494), the National key research and development program of China (Grant No. 2018YFB1800705), the Key Research and Development Program for Guangdong Province (Grant No. 2019B010136001).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, Y., Lu, J., Jin, S. (2020). Web Attack Detection Based on User Behaviour Semantics. In: Qiu, M. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2020. Lecture Notes in Computer Science(), vol 12454. Springer, Cham. https://doi.org/10.1007/978-3-030-60248-2_31
Download citation
DOI: https://doi.org/10.1007/978-3-030-60248-2_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-60247-5
Online ISBN: 978-3-030-60248-2
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)