Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism

ISC Int. J. Inf. Secur. Pub Date : 2020-01-01 DOI:10.22042/isecure.2020.199009.479

S. Mohammadi, A. Namadchian

{"title":"Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism","authors":"S. Mohammadi, A. Namadchian","doi":"10.22042/isecure.2020.199009.479","DOIUrl":null,"url":null,"abstract":"Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various methods of machine learning have been presented in recent years. Since malicious web requests have more delicate distinction than normal requests, these methods have failed to exhibit a good accuracy in new attack detection. This paper presents a new method for web attack detection using seq2seq networks using attention. The results show that this method could predict the possible responses and use the difference from the real responses of the server to model the normal traffic. Thereby, it could use the similarity measure to discriminate between normal and anomalous traffic. The highest accuracy of this method versus similar methods shows that the use of attention mechanism can cope with the challenge of studying long web requests to a great extent.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.22042/isecure.2020.199009.479","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various methods of machine learning have been presented in recent years. Since malicious web requests have more delicate distinction than normal requests, these methods have failed to exhibit a good accuracy in new attack detection. This paper presents a new method for web attack detection using seq2seq networks using attention. The results show that this method could predict the possible responses and use the difference from the real responses of the server to model the normal traffic. Thereby, it could use the similarity measure to discriminate between normal and anomalous traffic. The highest accuracy of this method versus similar methods shows that the use of attention mechanism can cope with the challenge of studying long web requests to a great extent.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于异常的Web攻击检测:基于注意力机制的深度神经网络Seq2Seq的应用

如今，互联网和互联网网站的使用已经成为人们生活中不可或缺的一部分，而大多数活动和重要数据都在互联网网站中。因此，入侵这些网站的企图呈指数级增长。针对web攻击的入侵检测系统(IDS)是保护用户安全的一种手段。但是，这些系统存在检测新攻击的准确性低等缺点。为了解决这个问题，近年来出现了各种各样的机器学习方法。由于恶意web请求比正常请求具有更微妙的区别，这些方法在新攻击检测中未能表现出良好的准确性。提出了一种基于注意力的seq2seq网络的web攻击检测新方法。结果表明，该方法可以预测可能的响应，并利用与服务器实际响应的差异来模拟正常流量。因此，它可以使用相似度量来区分正常和异常的流量。与同类方法相比，该方法的最高准确率表明，使用注意机制可以在很大程度上应对长网页请求研究的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ISC Int. J. Inf. Secur.

自引率

0.00%

发文量