Abstract
The modern Internet has witnessed the proliferation of web applications that play a crucial role in the branding process among enterprises. Web applications provide a communication channel between potential customers and business products. However, web applications are also targeted by attackers due to sensitive information stored in these applications. Among web-related attacks, there exists a rising but more stealthy attack where attackers first access a web application on behalf of normal users based on stolen credentials. Then attackers follow a sequence of sophisticated steps to achieve the malicious purpose. Traditional security solutions fail to detect relevant abnormal behaviors once attackers login to the web application. To address this problem, we propose WebLearner, a novel system to detect abnormal web-user behaviors. As we demonstrate in the evaluation, WebLearner has an outstanding performance. In particular, it can effectively detect abnormal user behaviors with over 96% for both precision and recall rates using a reasonably small amount of normal training data.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Amza, C., et al.: Specification and implementation of dynamic Web site benchmarks. In: 5th Workshop on Workload Characterization. No. CONF (2002)
Clutch: Small Business Websites in 2018. https://clutch.co/website-builders/resources/small-business-websites-2018
Du, M., Li, F., Zheng, G., Srikumar, V.: DeepLog: anomaly detection and diagnosis from system logs through deep learning. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1285–1298. ACM (2017)
García, V.H., Monroy, R., Quintana, M.: Web attack detection using ID3. In: Debenham, J. (ed.) Professional Practice in Artificial Intelligence. IIFIP, vol. 218, pp. 323–332. Springer, Boston, MA (2006). https://doi.org/10.1007/978-0-387-34749-3_34
Gers, F.A., Schraudolph, N.N., Schmidhuber, J.: Learning precise timing with LSTM recurrent networks. J. Mach. Learn. Res. 3, 115–143 (2002)
Graves, A., Schmidhuber, J.: Framewise phoneme classification with bidirectional LSTM and other neural network architectures. Neural Netw. 18(5–6), 602–610 (2005)
Han, S., et al.: ESE: efficient speech recognition engine with sparse LSTM on FPGA. In: Proceedings of the 2017 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays, pp. 75–84 (2017)
Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)
Huang, Z., Xu, W., Yu, K.: Bidirectional LSTM-CRF models for sequence tagging. arXiv preprint arXiv:1508.01991 (2015)
Imperva: the state of Web application vulnerabilities in 2018. https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/
Karim, F., Majumdar, S., Darabi, H., Chen, S.: Lstm fully convolutional networks for time series classification. IEEE Access 6, 1662–1669 (2017)
OWASP: OWASP top ten project. https://www.owasp.org/index.php/Main_Page
PTSecurity: cybersecurity threatscape 2018: trends and forecasts. https://www.ptsecurity.com/ww-en/analytics/cybersecurity-threatscape-2018/
Seo, J., Kim, H.S., Cho, S., Cha, S.: Web server attack categorization based on root causes and their locations. In: International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004, vol. 1, pp. 90–96. IEEE (2004)
Wang, Y., Huang, M., Zhu, X., Zhao, L.: Attention-based LSTM for aspect-level sentiment classification. In: Proceedings of the 2016 Conference on Empirical Methods in Natural Language Processing, pp. 606–615 (2016)
Xie, Y., Yu, S.Z.: A large-scale hidden Semi-Markov model for anomaly detection on user browsing behaviors. IEEE/ACM Trans. Netw. 17(1), 54–65 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Gui, J., Chen, Z., Yu, X., Lumezanu, C., Chen, H. (2020). Anomaly Detection on Web-User Behaviors Through Deep Learning. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-63086-7_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63085-0
Online ISBN: 978-3-030-63086-7
eBook Packages: Computer ScienceComputer Science (R0)