Skip to main content
SpringerLink
Log in

LogBERT-BiLSTM: Detecting Malicious Web Requests

  • Conference paper
  • First Online:
Artificial Neural Networks and Machine Learning – ICANN 2022 (ICANN 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13531))

Included in the following conference series:

Abstract

The digitalization of society potentialized services provided through the Internet, such as information sharing, entertainment, and education. With the rise of end-user services, we also verify the growth of attacks. Unfortunately, most defensive techniques of Web Intrusion Systems cannot deal with the complexity of cyber attacks on HTTP requests. Nevertheless, machine learning approaches are now a promising tool in different areas that can help to detect known and unknown attacks on day zero. We propose a new approach to detect possible attacks on HTTP requests based on machine learning. The new model LogBERT-BiLSTM uses BERT and Bidirectional LSTMs to detect anomalies in data. Experiments compared the proposed approach with literature models on CSIC 2010 and ECML/PKDD 2007 datasets. In addition, we created a new dataset of HTTP requests to evaluate the model performance. The proposed model obtained detection rates consistently above 95% of accuracy on the evaluated datasets.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Regex is the abbreviation of the English Regular Expressions, for regular expressions.

References

  1. Assigning attack signatures to security policies, February 2022. https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-bot-and-attack-signatures-13-0-0/1.html

  2. Althubiti, S., Yuan, X., Esterline, A.: Analyzing http requests for web intrusion detection, October 2017

    Google Scholar 

  3. Chen, Z., Liu, J., Gu, W., Su, Y., Lyu, M.R.: Experience report: deep learning-based system log analysis for anomaly detection. CoRR abs/2107.05908 (2021). https://arxiv.org/abs/2107.05908

  4. Du, M., Li, F., Zheng, G., Srikumar, V.: DeepLog: anomaly detection and diagnosis from system logs through deep learning, pp. 1285–1298 (2017). https://doi.org/10.1145/3133956.3134015

  5. Guo, H., Yuan, S., Wu, X.: LogBERT: log anomaly detection via BERT. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp. 1–8 (2021). https://doi.org/10.1109/IJCNN52387.2021.9534113

  6. Ito, M., Iyatomi, H.: Web application firewall using character-level convolutional neural network, pp. 103–106 (2018). https://doi.org/10.1109/CSPA.2018.8368694

  7. Kim, Y.: Convolutional neural networks for sentence classification. CoRR abs/1408.5882 (2014). http://arxiv.org/abs/1408.5882

  8. Kuang, X., et al.: DeepWAF: detecting web attacks based on CNN and LSTM models (2019). https://doi.org/10.1007/978-3-030-37352-8_11

  9. Le, V., Zhang, H.: Log-based anomaly detection without log parsing. CoRR abs/2108.01955 (2021). https://arxiv.org/abs/2108.01955

  10. Lu, S., Wei, X., Li, Y., Wang, L.: Detecting anomaly in big data system logs using convolutional neural network (2018). https://doi.org/10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00037

  11. Meng, W., et al.: LogAnomaly: unsupervised detection of sequential and quantitative anomalies in unstructured logs. In: IJCAI (2019)

    Google Scholar 

  12. Odumuyiwa, V., Chibueze, A.: Automatic detection of http injection attacks using convolutional neural network and deep neural network. J. Cyber Secur. Mobil. 9, 489–514 (2020)

    Google Scholar 

  13. Oliner, A., Stearley, J.: What supercomputers say: a study of five system logs (2007). https://doi.org/10.1109/DSN.2007.103

  14. Raïssi, C., Brissaud, J., Dray, G., Poncelet, P., Roche, M., Teisseire, M.: Web analyzing traffic challenge: description and results (2007)

    Google Scholar 

  15. Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G.: A self-learning anomaly-based web application firewall, vol. 63, pp. 85–92, January 2009. https://doi.org/10.1007/978-3-642-04091-7_11

  16. Vaswani, A., et al.: Attention is all you need. CoRR abs/1706.03762 (2017). http://arxiv.org/abs/1706.03762

  17. Xuan, C., Dinh, H., Victor, T.: Malicious url detection based on machine learning. Int. J. Adv. Comput. Sci. Appl. (2020). https://doi.org/10.14569/IJACSA.2020.0110119

  18. Yu, L., et al.: Detecting malicious web requests using an enhanced textCNN (2020). https://doi.org/10.1109/COMPSAC48688.2020.0-167

Download references

Author information

Authors and Affiliations

  1. Centro de Informática, Universidade Federal de Pernambuco, Recife, PE, 50.740-560, Brazil

    Levi S. Ramos Júnior, David Macêdo, Adriano L. I. Oliveira & Cleber Zanchettin

Authors
  1. Levi S. Ramos Júnior
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Macêdo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Adriano L. I. Oliveira
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Cleber Zanchettin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Levi S. Ramos Júnior .

Editor information

Editors and Affiliations

  1. University of the West of England, Bristol, UK

    Elias Pimenidis

  2. Lancaster University, Lancaster, UK

    Plamen Angelov

  3. Digital Innovation, Teeside University, Middlesbrough, UK

    Chrisina Jayne

  4. Democritus University of Thrace, Xanthi, Greece

    Antonios Papaleonidas

  5. The University of the West of England, Bristol, UK

    Mehmet Aydin

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ramos Júnior, L.S., Macêdo, D., Oliveira, A.L.I., Zanchettin, C. (2022). LogBERT-BiLSTM: Detecting Malicious Web Requests. In: Pimenidis, E., Angelov, P., Jayne, C., Papaleonidas, A., Aydin, M. (eds) Artificial Neural Networks and Machine Learning – ICANN 2022. ICANN 2022. Lecture Notes in Computer Science, vol 13531. Springer, Cham. https://doi.org/10.1007/978-3-031-15934-3_58

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15934-3_58

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15933-6

  • Online ISBN: 978-3-031-15934-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation