Web Attack Detection Based on User Behaviour Semantics

With the development of the Internet and the increased popularity of web applications, the web has become one of the main venues for attackers engaging in cybercrime. While enjoying the convenience of web applications, consumers also face security problems, such as the leakage of sensitive information and Internet fraud. Security protection mechanisms, such as traditional intrusion detection systems (IDSs) and web application firewalls (WAFs), are becoming inadequate for defending against new cyber-attacks. In this paper, we propose a web attack detection approach that analyses the malicious intentions hidden in user actions. First, after using the independent user behaviours to build a sequential behaviour model, the proposed approach uses a Long Short-Term Memory (LSTM) network to extract the hidden malicious intentions of attackers from normal and seemingly normal behaviours. Then, on the basis of the user intentions, the approach leverages ensemble learning techniques to integrate extra inherent features of abnormal behaviour, which makes it efficient and practical. The experimental results show the effectiveness of the proposed approach on the CSIC 2010 dataset with 99.87% accuracy.
