CECoR-Net: A Character-Level Neural Network Model for Web Attack Detection

With the growing volume and sophistication of cyber attacks, ongoing attention is required to enable automated attack detection. In this paper, we focus on web applications due to its rapid evolution. The threat analysis of them is increasingly recognized as essential to any serious development. In this paper, we propose CECoR-Net for web attack detection. This model combines the Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) techniques. This attack detection model relies only on a character-level input of the HTTP requests, which dramatically simplifies the data pre-processing. We prove that the CECoR-Net outperforms the previous CNN-based web attack detection baseline with the advantage in both misuse and anomaly detection methods: it not only detects known featured attacks with high accuracy but also perceives unknown attacks with high precision.

[1]  Gilbert Hendry,et al.  Intrusion signature creation via clustering anomalies , 2008, SPIE Defense + Commercial Sensing.

[2]  R. Priyadarshini,et al.  A cross platform intrusion detection system using inter server communication technique , 2011, 2011 International Conference on Recent Trends in Information Technology (ICRTIT).

[3]  Zhaowen Lin,et al.  A hybrid web log based intrusion detection model , 2016, 2016 4th International Conference on Cloud Computing and Intelligence Systems (CCIS).

[4]  Mohammad Teshnehlab,et al.  An anomaly detection method to detect web attacks using Stacked Auto-Encoder , 2018, 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS).

[5]  Zhiguang Qin,et al.  SQL injection attack detection using fingerprints and pattern matching technique , 2017, 2017 8th IEEE International Conference on Software Engineering and Service Science (ICSESS).

[6]  Dilip Motwani,et al.  Implementation of IDS for web application attack using evolutionary algorithm , 2017, 2017 International Conference on Intelligent Computing and Control (I2C2).

[7]  Meikang Qiu,et al.  An Empirical Study of Web Interface Design on Small Display Devices , 2004, IEEE/WIC/ACM International Conference on Web Intelligence (WI'04).

[8]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[9]  Keke Gai,et al.  Security-Aware Efficient Mass Distributed Storage Approach for Cloud Systems in Big Data , 2016, 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS).

[10]  Yoon Kim,et al.  Convolutional Neural Networks for Sentence Classification , 2014, EMNLP.

[11]  Hossain Shahriar,et al.  Web service injection attack detection , 2017, 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST).

[12]  Mansoor Alam,et al.  A Deep Learning Approach for Network Intrusion Detection System , 2016, EAI Endorsed Trans. Security Safety.

[13]  Lalu Banoth,et al.  A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection , 2017 .

[14]  Trevor Darrell,et al.  Long-term recurrent convolutional networks for visual recognition and description , 2014, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[15]  Konstantin Berlin,et al.  eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys , 2017, ArXiv.

[16]  Je-Won Kang,et al.  Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security , 2016, PloS one.

[17]  Manish Dixit,et al.  Cross site scripting (XSS) attack detection using intrustion detection system , 2017, 2017 International Conference on Intelligent Computing and Control Systems (ICICCS).

[18]  Yuchen Wang,et al.  Learning and Applying Ontology for Machine Learning in Cyber Attack Detection , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[19]  Nalini A. Mhetre,et al.  A novel approach for detection of SQL injection and cross site scripting attacks , 2015, 2015 International Conference on Pervasive Computing (ICPC).

[20]  Geoffrey E. Hinton,et al.  Visualizing Data using t-SNE , 2008 .

[21]  Meikang Qiu,et al.  Reinforcement Learning for Cyber-Physical Systems , 2019, 2019 IEEE International Conference on Industrial Internet (ICII).

[22]  Howon Kim,et al.  Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection , 2016, 2016 International Conference on Platform Technology and Service (PlatCon).

[23]  Yan Ma,et al.  Anomaly detection of malicious users' behaviors for web applications based on web logs , 2017, 2017 IEEE 17th International Conference on Communication Technology (ICCT).

[24]  Alexander M. Rush,et al.  Character-Aware Neural Language Models , 2015, AAAI.

[25]  Yuefei Zhu,et al.  A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks , 2017, IEEE Access.

[26]  Alejandro Pérez-Villegas,et al.  An Anomaly-Based Approach for Intrusion Detection in Web Traffic , 2010 .

[27]  Zhihui Lu,et al.  An efficient key distribution system for data fusion in V2X heterogeneous networks , 2019, Inf. Fusion.

[28]  Gonzalo Álvarez,et al.  An Anomaly-based Web Application Firewall , 2009, SECRYPT.

[29]  Meikang Qiu,et al.  Secure wireless communication system for smart grid with rechargeable electric vehicles , 2012, IEEE Communications Magazine.

[30]  Howon Kim,et al.  An Effective Intrusion Detection Classifier Using Long Short-Term Memory with Gradient Descent Optimization , 2017, 2017 International Conference on Platform Technology and Service (PlatCon).

[31]  Debasish Das,et al.  A Web Intrusion Detection Mechanism based on Feature based Data Clustering , 2009, 2009 IEEE International Advance Computing Conference.

[32]  Ming Zhang,et al.  A Deep Learning Method to Detect Web Attacks Using a Specially Designed CNN , 2017, ICONIP.