Abstract
As web attacks have recently increased in number and sophistication, traditional machine learning methods have struggled to defend against well-designed attacks. Therefore, deep learning methods have been widely used in web attack detection, leveraging their ability to discern intricate features within the original payload for precise identification of web application threats. In this study, we propose a novel hybrid neural network model for web attack detection, named hybrid convolutional long short-term memory (HCLSTM). Specifically, the HCLSTM model uses two branches to extract features from Hypertext Transfer Protocol (HTTP) request packets: a Deep Feedforward Neural Network (DFNN) branch for extracting word features from the Uniform Resource Locator (URL), and a Convolutional Neural Network (CNN) branch for capturing combinatorial and local relationships within payloads. The features extracted by both branches are then concatenated and fed into a Bidirectional Long Short-Term Memory (Bi-LSTM) network integrated with a self-attention mechanism, designed to capture intricate link relationships between the URL and the payloads. The final classification layer produces the detection results. To evaluate the proposed model, we conducted experiments on the CSIC 2010 HTTP dataset. The experimental results reveal that HCLSTM can accurately detect web attacks with a high accuracy of 99.46% and a low false positive rate of 0.02%.
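The two-branch design implies that each HTTP request is first split into a URL part and a payload part. The sketch below is an added example, not the authors' code: the word tokenisation, the single percent-decoding pass, the 64-character window and the sample request are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Constructed sample request (not taken from the CSIC 2010 dataset).
SAMPLE_REQUEST = (
    "POST /tienda1/publico/anadir.jsp?lang=es HTTP/1.1\r\n"
    "Host: localhost:8080\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "id=2&nombre=Vino+Rioja&cantidad=%3Cb%3E1%3C%2Fb%3E"
)

def split_request(raw):
    """Return (method, url_path, payload) from a raw HTTP/1.x request."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    url = urlsplit(target)
    # Payload = query string plus body, i.e. the client-supplied parameters.
    payload = "&".join(p for p in (url.query, body) if p)
    return method, url.path, payload

def url_words(path):
    """Word-level tokens for the URL (DFNN) branch; assumed tokenisation."""
    return [w.lower() for w in re.split(r"[^A-Za-z0-9]+", unquote(path)) if w]

def payload_chars(payload, max_len=64, pad=0):
    """Fixed-length character codes for the payload (CNN) branch.

    Decodes percent-encoding once, so doubly encoded input stays encoded
    one level and remains visible to the model as '%' sequences.
    """
    decoded = unquote_plus(payload)
    codes = [min(ord(c), 255) for c in decoded[:max_len]]
    return codes + [pad] * (max_len - len(codes))

def prepare(raw, max_len=64):
    """Build the inputs for both branches from one raw request."""
    method, path, payload = split_request(raw)
    return {"method": method,
            "url_words": url_words(path),
            "payload": payload_chars(payload, max_len)}

if __name__ == "__main__":
    print(prepare(SAMPLE_REQUEST))
```
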
Availability of Data and Material
The CSIC 2010 dataset is available at https://www.isi.csic.es/dataset.
Acknowledgements
The work is supported by the Key Research Platforms and Projects of Higher Education Institutions in Guangdong Province (No. 2024ZDZX1021, 2024KSYS012), the Guangdong Basic and Applied Basic Research Foundation (No. 2514050003605), the Science and Technology Planning Projects of Shantou (No. 220516096491783), and the National Training Program of Innovation and Entrepreneurship for Undergraduates (No. 202410560028).
Contributions
Kangqiang Luo: Conceptualization, Methodology, Validation, Software, Investigation, Data curation, Writing-original draft. Yindong Chen: Supervision, Resources, Carrying out additional analyses, Writing-review & editing, Funding acquisition.
Ethics declarations
Competing interests
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Ethical and informed consent for data used
The datasets pertinent to this study are accessible to the public, and the authors of the manuscript confirm their awareness that the data utilized in this article does not raise any ethical concerns.
About this article
Cite this article
Luo, K., Chen, Y. A novel hybrid neural network approach incorporating convolution and LSTM with a self-attention mechanism for web attack detection. Appl Intell 55, 146 (2025). https://doi.org/10.1007/s10489-024-05998-7