Auto-Encoder LSTM Methods for Anomaly-Based Web Application Firewall

Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks

Sensors

New techniques and tactics are being used to gain unauthorized access to the web that harm, steal, and destroy information. Protecting the system from many threats such as DDoS, SQL injection, cross-site scripting, etc., is always a challenging issue. This research work makes a comparative analysis between normal HTTP traffic and attack traffic that identifies attack-indicating parameters and features. Different features of standard datasets ISCX, CISC, and CICDDoS were analyzed and attack and normal traffic were compared by taking different parameters into consideration. A layered architecture model for DDoS, XSS, and SQL injection attack detection was developed using a dataset collected from the simulation environment. In the long short-term memory (LSTM)-based layered architecture, the first layer was the DDoS detection model designed with an accuracy of 97.57% and the second was the XSS and SQL injection layer with an obtained accuracy of 89.34%. The higher rate of HTTP traffic ...

Web Application Attacks Detection Using Deep Learning

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications, 2021

This work investigates the use of deep learning techniques to improve the performance of web application firewalls (WAFs), systems that are used to detect and prevent attacks on web applications. Typically, a WAF inspects the HTTP requests exchanged between client and server to spot attacks and block potential threats. We model the problem as a one-class supervised case and build a feature extractor using deep learning techniques. We treat the HTTP requests as text and train a deep language model with a transformer encoder architecture, which is a self-attention-based neural network. The use of pre-trained language models has yielded significant improvements on a diverse set of NLP tasks because they are capable of transfer learning. We use the pre-trained model as a feature extractor to map an HTTP request into a feature vector. These vectors are then used to train a one-class classifier. We also use a performance metric to automatically define an operational point for the one-class model. The experimental results show that the proposed approach outperforms the classic rule-based ModSecurity configured with a vanilla OWASP CRS and does not require the participation of a security expert to define the features.

Leveraging deep neural networks for anomaly-based web application firewall

IET Information Security, 2019

Web applications are the most common platforms for the exchange of information and services on the Internet. With the launch of Web 2.0, information has flourished through social networking and online business. Therefore, websites are often attacked directly. As a result, the industry has paid more attention to the security of web applications in addition to security at the computer network level. Intelligent systems based on machine learning have demonstrated excellent results on tasks such as anomaly detection in web requests. However, current methods based on traditional models cannot extract high-level features from huge data. In this study, the authors proposed methods based on deep neural networks and parallel feature fusion that have feature engineering as an integral part, which plays the most important role in their performance. The proposed methods use a stacked autoencoder and a deep belief network as feature learning methods, in which only normal data is used in the training phase; then one-class SVM, isolation forest, and elliptic envelope are applied as classifiers. The authors compared the proposed model with different strategies on the CSIC 2010 and ECML/PKDD 2007 datasets. Results show that the deep model and the feature fusion model, which perform hierarchical feature learning, had better performance in terms of accuracy and generalisation in a reasonable time.

Network Anomaly Detection Using LSTM Based Autoencoder

Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks

Anomaly detection aims to discover patterns in data that do not conform to the expected normal behaviour. One of the significant issues for anomaly detection techniques is the availability of labeled data for training/validation of models. In this paper, we proposed a hybrid approach based on a Long Short-Term Memory (LSTM) autoencoder and a One-Class Support Vector Machine (OC-SVM) to detect anomaly-based attacks in an unbalanced dataset, by training the models using only examples of normal classes. The LSTM autoencoder is trained to learn the normal traffic pattern and to learn the compressed representation of the input data (i.e. latent features), which is then fed to an OC-SVM. The hybrid model overcomes the shortcomings of the standalone OC-SVM, namely its low capability to operate with massive and high-dimensional datasets. Additionally, we perform our experiments using the most recent dataset (InSDN) of Intrusion Detection Systems (IDSs) for SDN environments. The experimental results show that the proposed model provides a higher detection rate and reduces the processing time significantly. Hence, our method provides great confidence in securing SDN networks from malicious traffic.

Intelligent intrusion detection through deep autoencoder and stacked long short-term memory

International Journal of Electrical and Computer Engineering (IJECE), 2024

In the realm of network intrusion detection, the escalating complexity and diversity of cyber threats necessitate innovative approaches to enhance detection accuracy. This study introduces an integrated solution leveraging deep learning techniques for improved intrusion detection. The proposed framework consists of a deep autoencoder for feature extraction and a stacked long short-term memory (LSTM) network ensemble for classification. The deep autoencoder compresses raw network data, extracting salient features and mitigating noise. Subsequently, the stacked LSTM ensemble captures intricate temporal dependencies, improving anomaly detection precision. Experiments conducted on the UNSW-NB15 dataset, a benchmark in intrusion detection, validate the effectiveness of the approach. The solution achieves an accuracy of 90.59%, with precision, recall, and F1-score metrics reaching 90.65, 90.59, and 90.57, respectively. Notably, the framework outperforms standalone models and demonstrates the advantage of synergizing deep autoencoder-driven feature extraction with the stacked LSTM ensemble. Furthermore, a binary classification experiment attains an accuracy of about 90.59%, surpassing the multiclass classification and affirming the model's potential for binary threat identification. Comparative analyses highlight the pivotal role of feature extraction, while experimentation illustrates the enhancement achieved by incorporating the synergistic deep autoencoder and stacked LSTM approach.

Long Short-Term Memory (LSTM) Deep Learning Method for Intrusion Detection in Network Security

International Journal of Engineering Research and, 2020

Nowadays, large numbers of people are affected by data breaches and cyber-attacks due to dependency on the Internet. India is a large country in terms of resource use and consumers. Over the past ten years, the average cost of a data breach has increased by 12%. Hacking in India accounts for a 2.3% share of global criminal activity. To prevent such malicious activity, the network requires a system that detects anomalies and informs the admin or service operator so that action can be taken according to the alert. An intrusion detection system (IDS) is software that helps to observe a network or systems and identify malicious activity, anomalies or policy violations. Deep learning techniques are an advanced method for detecting intrusions in a network. In this paper, the intrusion detection model is trained and tested on the NSL-KDD dataset, which is an enhanced version of the KDD99 dataset. The proposed method uses Long Short-Term Memory (LSTM) to detect attacks, so that the admin can take action according to the alert to prevent such activity. This method is used for both binary and multiclass classification of data: for binary classification it gives 99.2% accuracy and for multiclass classification it gives 96.9% accuracy.

LSTM deep learning method for network intrusion detection system

International Journal of Electrical and Computer Engineering (IJECE), 2020

The security of the network has become a primary concern for organizations. Attackers use different means to disrupt services, and these various attacks push us to think of a new way to block them all in one manner. In addition, these intrusions can change and penetrate the security devices. To solve these issues, we suggest in this paper a new idea for a Network Intrusion Detection System (NIDS) based on Long Short-Term Memory (LSTM) to recognize threats and to retain a long-term memory of them, in order to stop new attacks that resemble existing ones, and at the same time to have a single means to block intrusions. According to the results of the detection experiments that we have carried out, the accuracy reaches up to 99.98% and 99.93% for two-class and multi-class classification respectively, and the False Positive Rate (FPR) is only 0.068% and 0.023% for two-class and multi-class classification respectively, which proves that the proposed model is effective: it has a great ability to memorize and differentiate between normal traffic and attacks, and its identification is more accurate than that of other Machine Learning classifiers.

1. INTRODUCTION

Nowadays, the world is experiencing a great revolution in the field of information technology; everybody is continuously exchanging information across the network. This implies the establishment of new tools and mechanisms of prevention and detection, and the strengthening of those that exist, like the Network Intrusion Detection System (NIDS), in order to enhance security and protect the network from intrusions. The function of a NIDS is to observe, evaluate and classify traffic transiting through the network; it relies on previously established methods and techniques to differentiate between normal and suspicious traffic.

Furthermore, attackers are attracted by the information and knowledge passing through the network, and to exploit and profit from them they are forced to overcome security obstacles and barriers by creating new attacks and evolving existing ones. Current NIDS are not evolutionary: their identification algorithms do not progress to automatically identify new threats, which pushes us to think about advanced and intelligent detection methods that can identify new attacks and keep pace with the progression of existing ones. Moreover, attacks can be of different types, like DoS (Denial-of-Service) and U2R (User to Root) etc., and this problem of diversity leads us to seek a solution that detects and stops them all in a unified way. Currently, Deep Learning is experiencing huge success in several domains; it is a set of techniques used to recognize objects, extract information hidden in the data, and make predictive analytics [1], and one of these methods, characterized by its long-term memory, is the Long Short-Term Memory (LSTM) [2]. To solve the issues cited above, we propose in this paper a new approach for NIDS based on the Deep Learning

Predictive Model for Network Intrusion Detection System Using Deep Learning

Revue d'Intelligence Artificielle, 2020

Given the recent COVID-19 situation, many organizations and companies have asked their employees to work from home by connecting to their on-premises servers. This situation may continue for a much more extended period in the future, thereby opening more threats to the confidentiality and security of the information available in the organizations. It becomes a hell of a task for network administrators to counter the threats. Intrusion Detection Systems are deployed in firewalls to identify attacks or threats. In present modern technologies, the Network Intrusion Detection System plays a significant role in the defense against network threats. Statistical or pattern-based algorithms are used in NIDS to detect the benign activities that are taking place in the network. In this work, deep learning algorithms have been developed into NIDS predictive models to detect anomalies and threats automatically. Performance of the proposed model was assessed on the NSL-KDD dataset in view of metrics such as accuracy, recall, precision, and F1-score. The experimental results show that the proposed deep learning model outperforms existing shallow models.

A content-based deep intrusion detection system

International Journal of Information Security

The growing number of Internet users and the prevalence of web applications make it necessary to deal with very complex software and applications in the network. This results in an increasing number of new vulnerabilities in the systems, leading to an increase in cyber threats and, in particular, zero-day attacks. The cost of generating appropriate signatures for these attacks is a potential motive for using machine learning-based methodologies. Although there are many studies on using learning-based methods for attack detection, they generally use extracted features and overlook raw contents. This approach can lessen the performance of detection systems against content-based attacks like SQL injection, Cross-site Scripting (XSS), and various viruses. In this work, we propose a framework, called deep intrusion detection (DID) system, that uses the pure content of traffic flows in addition to traffic metadata in the learning and detection phases of a passive DNN IDS. To this end, we deploy and evaluate an offline IDS following the framework using LSTM as the deep learning technique. Due to the inherent nature of deep learning, it can process high-dimensional data content and, accordingly, discover the sophisticated relations between the auto-extracted features of the traffic. To evaluate the proposed DID system, we use the CIC-IDS2017 and CSE-CIC-IDS2018 datasets. The evaluation met

Weighted LSTM for intrusion detection and data mining to prevent attacks

International Journal of Data Mining, Modelling and Management, 2020

The usage of cloud opportunities brings not only resource and storage availability, but also puts customers' privacy at stake. These services are carried out through the web and generate log files. These files contain valuable information for tracking malicious behaviours. However, they are variable, voluminous and have high velocity. This paper structures input log files using data preparation treatment (DPT), anticipates missing features, and performs a weighted conversion to ease the discrimination of malicious activities. Given the robustness of deep learning in analysing high-dimension databases, dynamically selecting features and detecting intrusions, our architecture draws on its strength and proposes a weighted long short-term memory (WLSTM) deep learning algorithm. WLSTM mines network traffic predictors considering past events and minimizes the vanishing gradient. Results prove its effectiveness; it achieves 98% accuracy and reduces false alarm rates to 1.47%. For contextual malicious behaviours, the accuracy attained 97% and the loss was 22%.