Web Attack Detection: Exploring Recurrent Neural Networks with Dimensionality Reducer

  • Richard Caio Silva Rego UFSM
  • Raul Ceretta Nunes UFSM

Abstract


Machine learning techniques have been widely explored in anomaly detectors, among which recurrent neural networks (RNNs) stand out for their good performance in the task of detecting web attacks. However, research with recurrent networks has focused on increasing the predictive performance of detectors. Furthermore, techniques based on deep learning have a high computational cost. Therefore, it is necessary to design intrusion detection methods that are effective from a predictive point of view, but also efficient in terms of detection time. In this work, we propose BLOOM-RNN, an RNN-based intrusion detection method that explores the Bloom Filter as a support tool for reducing data dimensionality. Experiments demonstrate that RNNs achieve good detection accuracy when compared with other machine learning methods, and that the filter provides a significant reduction in detection time without affecting the detector accuracy. A comparative evaluation of different recurrent neural networks (LSTM, BI-LSTM and GRU) indicates that network learning fits differently for different web attacks.
Keywords: Bloom Filter, Recurrent Neural Networks, Web Attack, Anomaly Detection

Published
2021-10-04
REGO, Richard Caio Silva; NUNES, Raul Ceretta. Web Attack Detection: Exploring Recurrent Neural Networks with Dimensionality Reducer. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21., 2021, Belém. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021. p. 183-196. DOI: https://doi.org/10.5753/sbseg.2021.17315.