Skip to main content
Springer Nature Link
Log in

Payload Level Graph Attention Network for Web Attack Traffic Detection

  • Conference paper
  • First Online:
Computational Science – ICCS 2023 (ICCS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14077))

Included in the following conference series:

  • 1112 Accesses

Abstract

With the popularity of web applications, web attacks have become one of the major threats to cyberspace security. Many studies have focused on applying machine learning techniques for web attack traffic detection. However, past approaches suffer from two shortcomings: firstly, handcrafted feature extraction-based approaches are prone to introduce biases in existing perceptions, and secondly, current end-to-end deep learning approaches treat traffic payloads as non-structured string sequences ignoring their inherent structural characteristics. Therefore, we propose a graph-based web attack traffic detection model to identify the payloads in the traffic requests. Each pre-processed payload is transformed as an independent graph in which the node representations are shared through a global feature matrix. Finally, graph-level classification models are trained with graph attention networks combining global information. Experimental results on four publicly available datasets show that our approach successfully exploits local structural characteristics and global information to achieve state-of-the-art performance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall.

  2. 2.

    https://www.datafountain.cn/competitions/596.

References

  1. Ariu, D., Tronci, R., Giacinto, G.: Hmmpayl: An intrusion detection system based on hidden markov models. Comput. Security 30(4), 221–241 (2011)

    Google Scholar 

  2. Bortolameotti, R., et al.: Decanter: Detection of anomalous outbound http traffic by passive application fingerprinting. In: Proceedings of the 33rd Annual computer security applications Conference, pp. 373–386 (2017)

    Google Scholar 

  3. Clincy, V., Shahriar, H.: Web application firewall: Network security models and configuration. In: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 835–836. IEEE (2018)

    Google Scholar 

  4. Liu, Z., Fang, Y., Huang, C., Han, J.: Graphxss: an efficient xss payload detection approach based on graph convolutional network. Comput. Secur. 114, 102597 (2022)

    Article  Google Scholar 

  5. Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrović, S., Franke, K.: Application of the generic feature selection measure in detection of web attacks. In: Herrero, Á., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 25–32. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21323-6_4

    Chapter  Google Scholar 

  6. Oza, A., Ross, K., Low, R.M., Stamp, M.: Http attack detection using n-gram analysis. Comput. Security 45, 242–254 (2014)

    Article  Google Scholar 

  7. Pennington, J., Socher, R., Manning, C.D.: Glove: Global vectors for word representation. In: Proceedings of the 2014 Conference On Empirical Methods In Natural Language Processing (EMNLP), pp. 1532–1543 (2014)

    Google Scholar 

  8. Pitchkites, M.: Top cyber security statistics, facts & trends in 2022 (2022), https://www.cloudwards.net/cyber-security-statistics/

  9. Qin, Z.-Q., Ma, X.-K., Wang, Y.-J.: Attentional payload anomaly detector for web applications. In: Cheng, L., Leung, A.C.S., Ozawa, S. (eds.) ICONIP 2018. LNCS, vol. 11304, pp. 588–599. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-04212-7_52

    Chapter  Google Scholar 

  10. Ramos, J., et al.: Using tf-idf to determine word relevance in document queries. In: Proceedings of The First Instructional Conference On Machine Learning. vol. 242, pp. 29–48. New Jersey, USA (2003)

    Google Scholar 

  11. Smitha, R., Hareesha, K.S., Kundapur, P.P.: A machine learning approach for web intrusion detection: MAMLS perspective. In: Wang, J., Reddy, G.R.M., Prasad, V.K., Reddy, V.S. (eds.) Soft Computing and Signal Processing. AISC, vol. 900, pp. 119–133. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-3600-3_12

    Chapter  Google Scholar 

  12. Stevanović, N., Todorović, B., Todorović, V.: Web attack detection based on traps. Applied Intelligence, pp. 1–25 (2022)

    Google Scholar 

  13. Tama, B.A., Nkenyereye, L., Islam, S.R., Kwak, K.S.: An enhanced anomaly detection in web traffic using a stack of classifier ensemble. IEEE Access 8, 24120–24134 (2020)

    Article  Google Scholar 

  14. Veličković, P., Cucurull, G., Casanova, A., Romero, A., Liò, P., Bengio, Y.: Graph attention networks. In: International Conference on Learning Representations

    Google Scholar 

  15. Wang, H., et al.: jtrans: jump-aware transformer for binary code similarity detection. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 1–13 (2022)

    Google Scholar 

  16. Wang, J., Zhou, Z., Chen, J.: Evaluating cnn and lstm for web attack detection. In: Proceedings of the 2018 10th International Conference on Machine Learning and Computing, pp. 283–287 (2018)

    Google Scholar 

  17. Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 203–222. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30143-1_11

    Chapter  Google Scholar 

  18. Yao, L., Mao, C., Luo, Y.: Graph convolutional networks for text classification. In: Proceedings of the AAAI conference on artificial intelligence. vol. 33, pp. 7370–7377 (2019)

    Google Scholar 

  19. Yu, L., et al.: Detecting malicious web requests using an enhanced textcnn. In: 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 768–777. IEEE (2020)

    Google Scholar 

  20. Yu, S., Qu, Y., Hu, X., Yin, H.: Deepdi: Learning a relational graph convolutional network model on instructions for fast and accurate disassembly. In: Proceedings of the USENIX Security Symposium (2022)

    Google Scholar 

  21. Zhuang, Y., Liu, Z., Qian, P., Liu, Q., Wang, X., He, Q.: Smart contract vulnerability detection using graph neural network. In: IJCAI, pp. 3283–3290 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. State Key Laboratory of Information Security Institute of Information Engineering, CAS, Beijing, China

    Huaifeng Bao, Wenhao Li, Xingyu Wang, Zixian Tang, Qiang Wang, Wen Wang & Feng Liu

  2. School of Cyber Security, University of CAS, Beijing, China

    Huaifeng Bao, Wenhao Li, Xingyu Wang, Zixian Tang, Qiang Wang, Wen Wang & Feng Liu

Authors
  1. Huaifeng Bao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wenhao Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xingyu Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zixian Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Qiang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Wen Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Feng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wen Wang .

Editor information

Editors and Affiliations

  1. Czech Technical University in Prague, Prague, Czech Republic

    Jiří Mikyška

  2. University of Amsterdam, Amsterdam, The Netherlands

    Clélia de Mulatier

  3. AGH University of Science and Technology, Krakow, Poland

    Maciej Paszynski

  4. University of Amsterdam, Amsterdam, The Netherlands

    Valeria V. Krzhizhanovskaya

  5. University of Tennessee at Knoxville, Knoxville, TN, USA

    Jack J. Dongarra

  6. University of Amsterdam, Amsterdam, The Netherlands

    Peter M.A. Sloot

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bao, H. et al. (2023). Payload Level Graph Attention Network for Web Attack Traffic Detection. In: Mikyška, J., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M. (eds) Computational Science – ICCS 2023. ICCS 2023. Lecture Notes in Computer Science, vol 14077. Springer, Cham. https://doi.org/10.1007/978-3-031-36030-5_32

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-36030-5_32

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36029-9

  • Online ISBN: 978-3-031-36030-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics