MLAB-BiLSTM: Online Web Attack Detection Via Attention-Based Deep Neural Networks

  • Conference paper
Security and Privacy in Digital Economy (SPDE 2020)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1268)

Abstract

With the continuous development of Web threats such as SQL injection and Cross-Site Scripting, numerous web applications have been plagued by various forms of security threats and cyber attacks, and web attack detection has always been the focus of web security. Because attack payloads are often multiple small segments hidden in long original request traffic, traditional machine-learning-based methods may have difficulty learning useful patterns from the original request. In this study, we propose MLAB-BiLSTM, a method that can precisely detect Web attacks in real time by using a multi-layer attention-based bidirectional LSTM deep neural network. First, because malicious payloads contain similar keywords, we use a keyword-enhanced embedding method to transform the original request into feature vectors. The features are then divided into segments. The words in each segment are first input into a bidirectional LSTM model with an attention mechanism to generate an encoded representation of that segment. The segments of the request are then input into another BiLSTM model with an attention mechanism to generate the encoded representation of the original request. Finally, the generated features are input into a Convolutional Neural Network to determine which kind of attack payload it is. The MLAB-BiLSTM model was tested on the CSIC dataset and CTF competition traffic. The experimental results show that the accuracy of the model is above 99.81%, the recall is 99.56%, the precision is 99.60%, and the F1 score is 0.9961, which outperforms both traditional rule-based methods like Libinjection and deep-learning-based methods like OwlEye.
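
The two attention stages described in the abstract, as an added sketch that is not the authors' code: word-level attention pools each segment into one vector, then segment-level attention pools the segments into a request vector. The BiLSTM encoders and the final CNN classifier are left out, and the keyword list, the 3-d embeddings, the hand-set context vectors and the sample request are constructed assumptions.

```python
import math
import re

# Assumed keyword list; the paper's own keyword set is not given on this page.
KEYWORDS = {"select", "union", "from", "script", "alert", "onerror"}

def tokenize(segment):
    """Lower-case a segment and split it into words, numbers and single symbols."""
    return re.findall(r"[a-z_]+|\d+|[^\sa-z_\d]", segment.lower())

def embed(token):
    """Constructed 3-d embedding: [attack keyword, symbol, ordinary word or number]."""
    if token in KEYWORDS:
        return [1.0, 0.0, 0.0]
    if not (token[0].isalnum() or token[0] == "_"):
        return [0.0, 1.0, 0.0]
    return [0.0, 0.0, 1.0]

def attention_pool(vectors, context):
    """Softmax over dot(context, v); return the weighted sum and the weights."""
    if not vectors:  # empty segment: nothing to attend to
        return [0.0] * len(context), []
    scores = [sum(c * x for c, x in zip(context, v)) for v in vectors]
    peak = max(scores)  # subtract the maximum for numerical stability
    exps = [math.exp(s - peak) for s in scores]
    weights = [e / sum(exps) for e in exps]
    pooled = [sum(w * v[i] for w, v in zip(weights, vectors)) for i in range(len(context))]
    return pooled, weights

def encode_request(segments, word_ctx=(3.0, 1.0, 0.0), seg_ctx=(4.0, 1.0, 0.0)):
    """Word-level attention per segment, then segment-level attention over the request."""
    # The context vectors are hand-set assumptions; in a trained model they are learned.
    seg_vecs = [attention_pool([embed(t) for t in tokenize(s)], word_ctx)[0]
                for s in segments]
    return attention_pool(seg_vecs, seg_ctx)

# Constructed request, already split into segments (request line, parameters, headers).
REQUEST = [
    "GET /shop/item.jsp",
    "id=12 union select pass from users",
    "lang=en",
    "Host: shop.example",
    "User-Agent: Mozilla/5.0",
]

if __name__ == "__main__":
    _, seg_weights = encode_request(REQUEST)
    for seg, w in zip(REQUEST, seg_weights):
        print(f"{w:.3f}  {seg}")
```

On the constructed request, the parameter carrying the injected keywords receives the largest segment-level weight, while a request without keywords spreads the weight almost evenly across segments.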

Author information

Corresponding author

Correspondence to Mengyu Zhou.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Yang, J., Zhou, M., Cui, B. (2020). MLAB-BiLSTM: Online Web Attack Detection Via Attention-Based Deep Neural Networks. In: Yu, S., Mueller, P., Qian, J. (eds) Security and Privacy in Digital Economy. SPDE 2020. Communications in Computer and Information Science, vol 1268. Springer, Singapore. https://doi.org/10.1007/978-981-15-9129-7_33

  • DOI: https://doi.org/10.1007/978-981-15-9129-7_33

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9128-0

  • Online ISBN: 978-981-15-9129-7

  • eBook Packages: Computer Science, Computer Science (R0)
