Connecting Web Event Forecasting with Anomaly Detection: A Case Study on Enterprise Web Applications Using Self-supervised Neural Networks

Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 335)

Abstract

Recently, web applications have been widely used in enterprises to assist employees in providing effective and efficient business processes. Forecasting upcoming web events in enterprise web applications can be beneficial in many ways, such as efficient caching and recommendation. In this paper, we present DeepEvent, a web event forecasting approach for enterprise web applications that enables better anomaly detection. DeepEvent includes three key features: web-specific neural networks that take into account the characteristics of sequential web events, self-supervised learning techniques that overcome the scarcity of labeled data, and sequence embedding techniques that integrate contextual events and capture dependencies among web events. We evaluate DeepEvent on web events collected from six real-world enterprise web applications. Our experimental results demonstrate that DeepEvent is effective in forecasting sequential web events and detecting web-based anomalies. DeepEvent provides a context-based system for researchers and practitioners to better forecast web events with situational awareness.

Keywords

  • Anomaly detection
  • Event forecasting
  • Self-supervised learning
  • Neural networks

Notes

  1. https://codex.wordpress.org/Using_Permalinks

  2. We detect randomness in URIs based on a gibberish detection tool (https://github.com/rrenaud/Gibberish-Detector).

Corresponding author

Correspondence to Xiaoyong Yuan.

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Yuan, X., Ding, L., Salem, M.B., Li, X., Wu, D. (2020). Connecting Web Event Forecasting with Anomaly Detection: A Case Study on Enterprise Web Applications Using Self-supervised Neural Networks. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_27

  • DOI: https://doi.org/10.1007/978-3-030-63086-7_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63085-0

  • Online ISBN: 978-3-030-63086-7

  • eBook Packages: Computer Science (R0)