Jing Yang , Yuangui Wu , Yuping Yuan , Haozhong Xue , Sami Bourouis , Mahmoud Abdel-Salam , Sunil Prajapat , Lip Yee Por
{"title":"LLM-AE-MP: Web Attack Detection Using a Large Language Model with Autoencoder and Multilayer Perceptron","authors":"Jing Yang , Yuangui Wu , Yuping Yuan , Haozhong Xue , Sami Bourouis , Mahmoud Abdel-Salam , Sunil Prajapat , Lip Yee Por","doi":"10.1016/j.eswa.2025.126982","DOIUrl":null,"url":null,"abstract":"<div><div>Web applications store sensitive data, making them prime targets for cybercriminals and posing national security risks. This study introduces a new approach to distinguishing legitimate and malicious hypertext transfer protocol (HTTP) requests using an autoencoder (AE). The integration of AE allows for efficient feature distillation, enhancing the sensitivity of the model to anomalies in HTTP traffic. The AE framework is combined with a transductive long short-term memory (TLSTM) network, which is trained with an advanced generative adversarial network (GAN). Using GAN promotes an adaptive learning environment, significantly boosting the robustness and generalizability of our method against evolving web attack vectors. TLSTM uses transductive learning to focus on data points near the test set, improving the adaptability of the model to outperform traditional LSTM models. In our GAN, the generator purposely excludes gradients from the most influential batch elements, improving the ability of the model to generate diverse and generalized outputs. After training the AE, its latent representations are passed to a multilayer perceptron (MLP) for detection tasks. To address the imbalanced classification in MLP, we use a reinforcement learning (RL) strategy. The RL approach strategically adjusts incentives, enhancing the performance of the model in identifying less frequent but critical malicious instances, thereby supporting a balanced security assessment. Our evaluations using the CSIC 2010 (Spanish National Research Council 2010), FWAF (web application firewall), and HttpParams datasets show that our method outperforms existing techniques, achieving (Accuracy, F-measure, geometric mean (G-means), and area under the curve (AUC)) reaching (90.937%, 89.755%, 88.446%, 0.838), (89.055, 90.663%, 88.334%, 0.847) and (92.242%, 93.774%, 91.356%, 0.897), respectively. Moreover, our model achieves efficient runtime and memory usage across the datasets, providing a practical solution for real-time web attack detection. These results confirm the effectiveness of the model in security contexts, representing a substantial advancement in web attack detection and the improvement of investigative strategies.</div></div>","PeriodicalId":50461,"journal":{"name":"Expert Systems with Applications","volume":"274 ","pages":"Article 126982"},"PeriodicalIF":7.5000,"publicationDate":"2025-02-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Expert Systems with Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0957417425006049","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Web applications store sensitive data, making them prime targets for cybercriminals and posing national security risks. This study introduces a new approach to distinguishing legitimate and malicious hypertext transfer protocol (HTTP) requests using an autoencoder (AE). The integration of AE allows for efficient feature distillation, enhancing the sensitivity of the model to anomalies in HTTP traffic. The AE framework is combined with a transductive long short-term memory (TLSTM) network, which is trained with an advanced generative adversarial network (GAN). Using GAN promotes an adaptive learning environment, significantly boosting the robustness and generalizability of our method against evolving web attack vectors. TLSTM uses transductive learning to focus on data points near the test set, improving the adaptability of the model to outperform traditional LSTM models. In our GAN, the generator purposely excludes gradients from the most influential batch elements, improving the ability of the model to generate diverse and generalized outputs. After training the AE, its latent representations are passed to a multilayer perceptron (MLP) for detection tasks. To address the imbalanced classification in MLP, we use a reinforcement learning (RL) strategy. The RL approach strategically adjusts incentives, enhancing the performance of the model in identifying less frequent but critical malicious instances, thereby supporting a balanced security assessment. Our evaluations using the CSIC 2010 (Spanish National Research Council 2010), FWAF (web application firewall), and HttpParams datasets show that our method outperforms existing techniques, achieving (Accuracy, F-measure, geometric mean (G-means), and area under the curve (AUC)) reaching (90.937%, 89.755%, 88.446%, 0.838), (89.055, 90.663%, 88.334%, 0.847) and (92.242%, 93.774%, 91.356%, 0.897), respectively. Moreover, our model achieves efficient runtime and memory usage across the datasets, providing a practical solution for real-time web attack detection. These results confirm the effectiveness of the model in security contexts, representing a substantial advancement in web attack detection and the improvement of investigative strategies.
期刊介绍:
Expert Systems With Applications is an international journal dedicated to the exchange of information on expert and intelligent systems used globally in industry, government, and universities. The journal emphasizes original papers covering the design, development, testing, implementation, and management of these systems, offering practical guidelines. It spans various sectors such as finance, engineering, marketing, law, project management, information management, medicine, and more. The journal also welcomes papers on multi-agent systems, knowledge management, neural networks, knowledge discovery, data mining, and other related areas, excluding applications to military/defense systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
