Abstract
Web attacks are a major security challenge in cyberspace. Because web applications are usually served over HTTP, an application-layer protocol, payload-based attack detection has proved to be quite effective. The payloads in a typical HTTP packet are text. Therefore, techniques developed in the field of text processing, such as deep neural networks, can be adopted to extract the key features and detect web attacks. In this paper, we try to apply two kinds of deep neural networks, AutoEncoder and RNN, to detect payload-based web attacks. Experimental results show that both networks have very promising performance in this field.
Acknowledgments
This work was supported by National Natural Science Foundation of China (No. U1536122).
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Jin, X., Cui, B., Yang, J., Cheng, Z. (2018). Payload-Based Web Attack Detection Using Deep Neural Network. In: Barolli, L., Xhafa, F., Conesa, J. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2017. Lecture Notes on Data Engineering and Communications Technologies, vol 12. Springer, Cham. https://doi.org/10.1007/978-3-319-69811-3_44
DOI: https://doi.org/10.1007/978-3-319-69811-3_44
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69810-6
Online ISBN: 978-3-319-69811-3
eBook Packages: Engineering, Engineering (R0)