GBLNet: Detecting Intrusion Traffic with Multi-granularity BiLSTM

Li, Wenhao; Zhang, Xiao-Yu

doi:10.1007/978-3-031-08760-8_32

Wenhao Li^13,14 &
Xiao-Yu Zhang^13,14

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13353))

Included in the following conference series:

International Conference on Computational Science

1124 Accesses
2 Citations

Abstract

Detecting and intercepting malicious requests are some of the most widely used ways against attacks in the network security, especially in the severe COVID-19 environment. Most existing detecting approaches, including matching blacklist characters and machine learning algorithms have all shown to be vulnerable to sophisticated attacks. To address the above issues, a more general and rigorous detection method is required. In this paper, we formulate the problem of detecting malicious requests as a temporal sequence classification problem, and propose a novel deep learning model namely GBLNet, girdling bidirectional LSTM with multi-granularity CNNs. By connecting the shadow and deep feature maps of the convolutional layers, the malicious feature extracting ability is improved on more detailed functionality. Experimental results on HTTP dataset CSIC 2010 demonstrate that GBLNet can efficiently detect intrusion traffic with superior accuracy and evaluating speed, compared with the state-of-the-arts.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 99.00; Price excludes VAT (USA)

Softcover Book: USD 129.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Alrawashdeh, K., Purdy, C.: Fast activation function approach for deep learning based online anomaly intrusion detection. In: 2018 IEEE 4th International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS) (2018)
Google Scholar
Fredj, O.B., Cheikhrouhou, O., Krichen, M., Hamam, H., Derhab, A.: An OWASP top ten driven survey on web application protection methods. In: International Conference on Risks and Security of Internet and Systems (2020)
Google Scholar
Hao, S., Long, J., Yang, Y.: BL-IDS: detecting web attacks using BI-LSTM model based on deep learning. In: International Conference on Security and Privacy in New Computing Environments (2019)
Google Scholar
Le, D.C., Zincir-Heywood, A.N., Heywood, M.I.: Unsupervised monitoring of network and service behaviour using self organizing maps. J. Cyber Secur. Mob. 8(1), 15–52 (2019)
Google Scholar
Liu, H., Lang, B., Liu, M., Yan, H.: CNN and RNN based payload classification methods for attack detection. Knowl.-Based Syst. 163, 332–341 (2019)
Google Scholar
Schuster, M., Paliwal, K.K.: Bidirectional recurrent neural networks. IEEE Trans. Signal Process. 45, 2673–2681 (1997)
Article Google Scholar
Shone, N., Ngoc, T.N., Phai, V.D., Shi, Q.: A deep learning approach to network intrusion detection. IEEE Trans. Emerg. Top. Comput. Intell. 2, 41–50 (2018)
Article Google Scholar
Smitha, R., Hareesha, K., Kundapur, P.P.: A machine learning approach for web intrusion detection: Mamls perspective. In: Soft Computing and Signal Processing (2019)
Google Scholar
Tang, Z., Wang, Q., Li, W., Bao, H., Liu, F., Wang, W.: HSLF: HTTP header sequence based LSH fingerprints for application traffic classification. In: International Conference on Computational Science (2021)
Google Scholar
Vartouni, A.M., Kashi, S.S., Teshnehlab, M.: An anomaly detection method to detect web attacks using stacked auto-encoder. In: 2018 6th Iranian Joint Congress on Fuzzy and Intelligent Systems (CFIS) (2018)
Google Scholar
Wang, W., et al.: HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection. IEEE Access (2018)
Google Scholar

Download references

Acknowledgment

This work was supported by the National Natural Science Foundation of China (Grant U2003111, 61871378).

Author information

Authors and Affiliations

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100093, China
Wenhao Li & Xiao-Yu Zhang
School of Cyber Security, University of Chinese Academy of Sciences, Beijing, 100093, China
Wenhao Li & Xiao-Yu Zhang

Authors

Wenhao Li
View author publications
You can also search for this author in PubMed Google Scholar
Xiao-Yu Zhang
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiao-Yu Zhang .

Editor information

Editors and Affiliations

Brunel University London, London, UK
Derek Groen
University of Amsterdam, Amsterdam, The Netherlands
Clélia de Mulatier
AGH University of Science and Technology, Krakow, Poland
Maciej Paszynski
University of Amsterdam, Amsterdam, The Netherlands
Valeria V. Krzhizhanovskaya
University of Tennessee at Knoxville, Knoxville, TN, USA
Jack J. Dongarra
University of Amsterdam, Amsterdam, The Netherlands
Peter M. A. Sloot

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Li, W., Zhang, XY. (2022). GBLNet: Detecting Intrusion Traffic with Multi-granularity BiLSTM. In: Groen, D., de Mulatier, C., Paszynski, M., Krzhizhanovskaya, V.V., Dongarra, J.J., Sloot, P.M.A. (eds) Computational Science – ICCS 2022. ICCS 2022. Lecture Notes in Computer Science, vol 13353. Springer, Cham. https://doi.org/10.1007/978-3-031-08760-8_32

Download citation

DOI: https://doi.org/10.1007/978-3-031-08760-8_32
Published: 15 June 2022
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-08759-2
Online ISBN: 978-3-031-08760-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

GBLNet: Detecting Intrusion Traffic with Multi-granularity BiLSTM