Web application firewall using character-level convolutional neural network

Web applications can be maliciously exploited by malicious HTTP requests. Normally, web application firewall (WAF) protects web applications from known attacks using pattern matching method. However, introduction of WAF is usually expensive as it requires the definition of patterns according to the situation. Furthermore, the system cannot block unknown malicious request. In this paper, we come up with an efficient machine learning approach to solve these issues. Our approach uses Character-level convolutional neural network (CLCNN) with very large global max-pooling for extracting the feature of HTTP request and identify it into normal or malicious request. We evaluated our system on HTTP DATASET CSIC 2010 dataset and achieved 98.8% of accuracy under 10-fold cross validation and the average processing time per request was 2.35ms.

[1]  Jürgen Schmidhuber,et al.  Long Short-Term Memory , 1997, Neural Computation.

[2]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[3]  Daiki Shimada,et al.  Document classification through image-based character embedding and wildcard training , 2016, 2016 IEEE International Conference on Big Data (Big Data).

[4]  Jason Weston,et al.  Curriculum learning , 2009, ICML '09.

[5]  Samanvay Gupta Buffer Overflow Attack , 2012 .

[6]  Yoshua Bengio,et al.  Gradient-based learning applied to document recognition , 1998, Proc. IEEE.

[7]  Jon Barker,et al.  Malware Detection by Eating a Whole EXE , 2017, AAAI Workshops.

[8]  Richard Socher,et al.  Quasi-Recurrent Neural Networks , 2016, ICLR.

[9]  Ahmed Serhrouchni,et al.  Improving Web Application Firewalls to detect advanced SQL injection attacks , 2014, 2014 10th International Conference on Information Assurance and Security.

[10]  Tong Zhang,et al.  Supervised and Semi-Supervised Text Categorization using LSTM for Region Embeddings , 2016, ICML.

[11]  Blase Ur,et al.  Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks , 2016, USENIX Annual Technical Conference.

[12]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[13]  Roy George,et al.  Efficient detection of anomolous HTTP payloads in networks , 2016, SoutheastCon 2016.

[14]  Konstantin Berlin,et al.  eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys , 2017, ArXiv.

[15]  Станислав Андреевич Ковалев,et al.  Разработка формальной модели подбора наиболее оптимального Web Application Firewall (WAF) , 2017 .