A novel hybrid neural network approach incorporating convolution and LSTM with a self-attention mechanism for web attack detection

Applied Intelligence

Abstract

As web attacks have recently increased in number and sophistication, traditional machine learning methods have struggled to defend against well-designed attacks. Therefore, deep learning methods have been widely used in web attack detection, leveraging their ability to discern intricate features within the original payload for precise identification of web application threats. In this study, we propose a novel hybrid neural network model for web attack detection, named hybrid convolutional long short-term memory (HCLSTM). Specifically, the HCLSTM model uses two branches to extract features from Hypertext Transfer Protocol (HTTP) request packets: a Deep Feedforward Neural Network (DFNN) branch for extracting word features from the Uniform Resource Locator (URL), and a Convolutional Neural Network (CNN) branch for capturing combinatorial and local relationships within payloads. The features extracted by the two branches are then concatenated and fed into a Bidirectional Long Short-Term Memory (Bi-LSTM) network integrated with a self-attention mechanism, designed to capture intricate link relationships between the URL and the payloads. The final classification layer produces the detection results. To evaluate the proposed model, we conducted experiments on the CSIC 2010 HTTP dataset. The experimental results reveal that HCLSTM can accurately detect web attacks with a high accuracy of 99.46% and a low false positive rate of 0.02%.
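The abstract's two-branch input split can be sketched as follows. This is an added example, not the authors' code: the tokenization, sequence lengths, character encoding and sample requests are assumptions made here for illustration, and the page does not specify the paper's actual preprocessing.

```python
import re
from urllib.parse import urlsplit, unquote_plus

URL_WORDS = 8      # assumed fixed length of the URL word sequence (DFNN branch)
PAYLOAD_LEN = 48   # assumed fixed length of the payload char sequence (CNN branch)
PAD = 0

# Constructed requests for illustration (not taken from CSIC 2010).
SAMPLE_GET = ("GET http://localhost:8080/shop/cart/add.jsp?id=2&qty=1 HTTP/1.1\r\n"
              "Host: localhost:8080\r\n\r\n")
SAMPLE_POST = ("POST http://localhost:8080/shop/cart/add.jsp HTTP/1.1\r\n"
               "Host: localhost:8080\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               "id=2%27+OR+%271%27%3D%271&qty=1")

def split_request(raw):
    """Return (url_path, decoded_payload) for one raw HTTP request."""
    head, _, body = raw.partition("\r\n\r\n")
    _method, target, _version = head.split("\r\n", 1)[0].split(" ", 2)
    parts = urlsplit(target)
    # Payload = query string (GET) and/or form body (POST), decoded once so
    # percent-encoded characters reach the model in their literal form.
    payload = "&".join(p for p in (parts.query, body.strip()) if p)
    return parts.path, unquote_plus(payload)

def url_words(path):
    """Word-level tokens of the URL path for the word-feature branch."""
    return [w.lower() for w in re.split(r"[/._\-]+", unquote_plus(path)) if w]

def encode_words(words, vocab):
    # vocab maps word -> id (1-based) and grows while fitting on training data.
    ids = [vocab.setdefault(w, len(vocab) + 1) for w in words][:URL_WORDS]
    return ids + [PAD] * (URL_WORDS - len(ids))

def encode_chars(payload):
    # Printable ASCII -> 1..95, anything else -> 96 (unknown), 0 = padding.
    ids = [ord(c) - 31 if 32 <= ord(c) <= 126 else 96 for c in payload]
    ids = ids[:PAYLOAD_LEN]
    return ids + [PAD] * (PAYLOAD_LEN - len(ids))

def featurize(raw, vocab):
    """Build the (URL branch input, payload branch input) pair for a request."""
    path, payload = split_request(raw)
    return encode_words(url_words(path), vocab), encode_chars(payload)
```

Both constructed requests target the same URL, so the URL branch receives identical input and only the payload branch input differs between them.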


Availability of Data and Material

The CSIC 2010 dataset is available at https://www.isi.csic.es/dataset.


Acknowledgements

The work is supported by the Key Research Platforms and Projects of Higher Education Institutions in Guangdong Province (No. 2024ZDZX1021, 2024KSYS012), the Guangdong Basic and Applied Basic Research Foundation (No. 2514050003605), the Science and Technology Planning Projects of Shantou (No. 220516096491783), and the National Training Program of Innovation and Entrepreneurship for Undergraduates (No. 202410560028).

Author information

Contributions

Kangqiang Luo: Conceptualization, Methodology, Validation, Software, Investigation, Data curation, Writing-original draft. Yindong Chen: Supervision, Resources, Carrying out additional analyses, Writing-review & editing, Funding acquisition.

Corresponding author

Correspondence to Yindong Chen.

Ethics declarations

Competing interests

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Ethical and informed consent for data used

The datasets pertinent to this study are accessible to the public, and the authors of the manuscript confirm their awareness that the data utilized in this article does not raise any ethical concerns.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Luo, K., Chen, Y. A novel hybrid neural network approach incorporating convolution and LSTM with a self-attention mechanism for web attack detection. Appl Intell 55, 146 (2025). https://doi.org/10.1007/s10489-024-05998-7

  • DOI: https://doi.org/10.1007/s10489-024-05998-7
