Comparison between LSTM and CLCNN in detecting malicious requests in web attacks
Abstract
Given the use of web applications in dynamic cloud computing environments integrated with IoT devices, SQL injection and XSS (Cross-Site Scripting) attacks continue to cause security problems. Detecting malicious requests at the application level is a research challenge that is evolving through the use of machine learning and neural networks. This paper presents a comparison between two machine learning architectures for detecting malicious web requests: LSTM (Long Short-Term Memory) and CLCNN (Character-level Convolutional Neural Network). The results show that CLCNN is more effective on all metrics, with an accuracy of 98.13%, a precision of 99.84%, a detection rate of 95.66% and an F1-score of 97.70%.
