Comparação entre LSTM e CLCNN na detecção de requisições maliciosas em ataques na web
Resumo
Com o uso de aplicações web em ambientes dinâmicos de computação em nuvem integrados com dispositivos IoT, os ataques de injeção de SQL e de XSS (Cross-Site Scripting) continuam causando problemas para a segurança. A detecção de requisições maliciosas a nível de aplicação representa um desafio na pesquisa, que está evoluindo usando técnicas de Machine Learning e redes neurais. Este trabalho apresenta a comparação entre duas arquiteturas de aprendizado de máquina usadas para detectar requisições web maliciosas: LSTM (Long Short-Term Memory) e CLCNN (Character-level Convolutional Neural Network). Os resultados demonstram que a CLCNN é a mais eficaz em todas as métricas, com uma acurácia de 98,13%, precisão de 99,84%, taxa de detecção em 95,66% e com um F1-score de 97,70%.
Palavras-chave:
requisições maliciosas, detecção, LSTM, CLCNN
Referências
Abiodun, O. I., Jantan, A., Omolara, A. E., Dada, K. V., Mohamed, N. A., e Arshad, H. (2018). State-of-the-art in articial neural network applications: A survey. Heliyon, 4(11):e00938.
Al-Khura, O. B. e Al-Ahmad, M. A. (2015). Survey of web application vulnerability attacks. In 2015 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pages 154–158. IEEE.
Albawi, S., Mohammed, T. A., e Al-Zawi, S. (2017). Understanding of a convolutional In 2017 International Conference on Engineering and Technology neural network. (ICET).
Bogale Gereme, F. e Zhu, W. (2020). Fighting fake news using deep learning: Pre-trained word embeddings and the embedding layer investigated. In 2020 The 3rd International Conference on Computational Intelligence and Intelligent Systems, pages 24–29.
Chollet, F. et al. (2015). Keras documentation. keras.io, 33.
Dupond, S. (2019). A thorough review on the current advance of neural network structures. Annual Reviews in Control, 14:200–230.
Giménez, C. T., Villegas, A. P., e Marañón, G. Á. (2010). Http data set csic 2010. Information Security Institute of CSIC (Spanish Research National Council).
Goldberg, Y. (2016). A primer on neural network models for natural language processing. Journal of Articial Intelligence Research, 57:345–420.
Gong, X., Lu, J., Wang, Y., Qiu, H., He, R., e Qiu, M. (2019). Cecor-net: A characterIn 2019 IEEE International level neural network model for web attack detection. Conference on Smart Cloud (SmartCloud), pages 98–103. IEEE.
Hwang, R.-H., Peng, M.-C., Nguyen, V.-L., e Chang, Y.-L. (2019). An lstm-based deep learning approach for classifying malicious trafc at the packet level. Applied Sciences, 9(16):3414.
Ito, M. e Iyatomi, H. (2018). Web application rewall using character-level convolutional neural network. In 2018 IEEE 14th International Colloquium on Signal Processing & Its Applications (CSPA), pages 103–106. IEEE.
Liang, J., Zhao, W., e Ye, W. (2017). Anomaly-based web attack detection: a deep learning approach. In Proceedings of the 2017 VI International Conference on Network, Communication and Computing, pages 80–85.
OWASP (2017). Top 10-2017. The Ten Most Critical Web Application Security Risks. OWASP™ Foundation. The free and open software security community.
OWASP (2020). Sql injection prevention cheat sheet.
Rego, R. C. e Nunes, R. (2019). Filtro de bloom como ferramenta de apoio a detectores de ataques web baseados em aprendizagem de máquina. In Anais do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 85–98. SBC.
Rodríguez, G. E., Torres, J. G., Flores, P., e Benavides, D. E. (2020). Cross-site scripting (xss) attacks and mitigation: A survey. Computer Networks, 166:106960.
Saxe, J. e Berlin, K. (2017). expose: A character-level convolutional neural network with embeddings for detecting malicious urls, le paths and registry keys. arXiv preprint arXiv:1702.08568.
Sharma, S. e Sharma, S. (2017). Activation functions in neural networks. Towards Data Science, 6(12):310–316.
Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., e Salakhutdinov, R. (2014). Dropout: a simple way to prevent neural networks from overtting. The journal of machine learning research, 15(1):1929–1958.
Tang, R., Yang, Z., Li, Z., Meng, W., Wang, H., Li, Q., Sun, Y., Pei, D., Wei, T., Xu, Y., et al. (2020). Zerowall: Detecting zero-day web attacks through encoder-decoder recurrent neural networks. In IEEE INFOCOM 2020, pages 2479–2488. IEEE.
Tekerek, A. (2021). A novel architecture for web-based attack detection using convolutional neural network. Computers & Security, 100:102096.
Teller, V. (2000). Speech and language processing: an introduction to natural language processing, computational linguistics, and speech recognition.
Tian, Z., Luo, C., Qiu, J., Du, X., e Guizani, M. (2019). A distributed deep learning IEEE Transactions on Industrial system for web attack detection on edge devices. Informatics.
Torrano-Gimenez, C., Perez-Villegas, A., e Alvarez, G. (2009). A self-learning anomalybased web application rewall. In Computational Intelligence in Security for Information Systems, pages 85–92. Springer.
Yin, W., Kann, K., Yu, M., e Schütze, H. (2017). Comparative study of cnn and rnn for natural language processing. arXiv preprint arXiv:1702.01923.
Zhang, M., Xu, B., Bai, S., Lu, S., e Lin, Z. (2017). A deep learning method to detect web attacks using a specially designed cnn. In International Conference on Neural Information Processing, pages 828–836. Springer.
Zhang, X., Zhao, J., e LeCun, Y. (2015). Character-level convolutional networks for text classication. arXiv preprint arXiv:1509.01626.
Al-Khura, O. B. e Al-Ahmad, M. A. (2015). Survey of web application vulnerability attacks. In 2015 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pages 154–158. IEEE.
Albawi, S., Mohammed, T. A., e Al-Zawi, S. (2017). Understanding of a convolutional In 2017 International Conference on Engineering and Technology neural network. (ICET).
Bogale Gereme, F. e Zhu, W. (2020). Fighting fake news using deep learning: Pre-trained word embeddings and the embedding layer investigated. In 2020 The 3rd International Conference on Computational Intelligence and Intelligent Systems, pages 24–29.
Chollet, F. et al. (2015). Keras documentation. keras.io, 33.
Dupond, S. (2019). A thorough review on the current advance of neural network structures. Annual Reviews in Control, 14:200–230.
Giménez, C. T., Villegas, A. P., e Marañón, G. Á. (2010). Http data set csic 2010. Information Security Institute of CSIC (Spanish Research National Council).
Goldberg, Y. (2016). A primer on neural network models for natural language processing. Journal of Articial Intelligence Research, 57:345–420.
Gong, X., Lu, J., Wang, Y., Qiu, H., He, R., e Qiu, M. (2019). Cecor-net: A characterIn 2019 IEEE International level neural network model for web attack detection. Conference on Smart Cloud (SmartCloud), pages 98–103. IEEE.
Hwang, R.-H., Peng, M.-C., Nguyen, V.-L., e Chang, Y.-L. (2019). An lstm-based deep learning approach for classifying malicious trafc at the packet level. Applied Sciences, 9(16):3414.
Ito, M. e Iyatomi, H. (2018). Web application rewall using character-level convolutional neural network. In 2018 IEEE 14th International Colloquium on Signal Processing & Its Applications (CSPA), pages 103–106. IEEE.
Liang, J., Zhao, W., e Ye, W. (2017). Anomaly-based web attack detection: a deep learning approach. In Proceedings of the 2017 VI International Conference on Network, Communication and Computing, pages 80–85.
OWASP (2017). Top 10-2017. The Ten Most Critical Web Application Security Risks. OWASP™ Foundation. The free and open software security community.
OWASP (2020). Sql injection prevention cheat sheet.
Rego, R. C. e Nunes, R. (2019). Filtro de bloom como ferramenta de apoio a detectores de ataques web baseados em aprendizagem de máquina. In Anais do XIX Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 85–98. SBC.
Rodríguez, G. E., Torres, J. G., Flores, P., e Benavides, D. E. (2020). Cross-site scripting (xss) attacks and mitigation: A survey. Computer Networks, 166:106960.
Saxe, J. e Berlin, K. (2017). expose: A character-level convolutional neural network with embeddings for detecting malicious urls, le paths and registry keys. arXiv preprint arXiv:1702.08568.
Sharma, S. e Sharma, S. (2017). Activation functions in neural networks. Towards Data Science, 6(12):310–316.
Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., e Salakhutdinov, R. (2014). Dropout: a simple way to prevent neural networks from overtting. The journal of machine learning research, 15(1):1929–1958.
Tang, R., Yang, Z., Li, Z., Meng, W., Wang, H., Li, Q., Sun, Y., Pei, D., Wei, T., Xu, Y., et al. (2020). Zerowall: Detecting zero-day web attacks through encoder-decoder recurrent neural networks. In IEEE INFOCOM 2020, pages 2479–2488. IEEE.
Tekerek, A. (2021). A novel architecture for web-based attack detection using convolutional neural network. Computers & Security, 100:102096.
Teller, V. (2000). Speech and language processing: an introduction to natural language processing, computational linguistics, and speech recognition.
Tian, Z., Luo, C., Qiu, J., Du, X., e Guizani, M. (2019). A distributed deep learning IEEE Transactions on Industrial system for web attack detection on edge devices. Informatics.
Torrano-Gimenez, C., Perez-Villegas, A., e Alvarez, G. (2009). A self-learning anomalybased web application rewall. In Computational Intelligence in Security for Information Systems, pages 85–92. Springer.
Yin, W., Kann, K., Yu, M., e Schütze, H. (2017). Comparative study of cnn and rnn for natural language processing. arXiv preprint arXiv:1702.01923.
Zhang, M., Xu, B., Bai, S., Lu, S., e Lin, Z. (2017). A deep learning method to detect web attacks using a specially designed cnn. In International Conference on Neural Information Processing, pages 828–836. Springer.
Zhang, X., Zhao, J., e LeCun, Y. (2015). Character-level convolutional networks for text classication. arXiv preprint arXiv:1509.01626.
Publicado
04/10/2021
Como Citar
BRINHOSA, Rafael Bosse; SCHLICKMANN, Marcos A. Michels; DA SILVA, Eduardo; WESTPHALL, Carlos Becker; WESTPHALL, Carla Merkle.
Comparação entre LSTM e CLCNN na detecção de requisições maliciosas em ataques na web. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 21. , 2021, Belém.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 113-126.
DOI: https://doi.org/10.5753/sbseg.2021.17310.
