Malicious Web Request Detection Using Character-level CNN
This addresses the problem of high false positive rates and inability to detect unknown attacks in web intrusion detection systems, offering an incremental improvement for cybersecurity applications.
The paper tackles web parameter injection attacks by proposing a malicious request detection system using an improved character-level CNN, which achieves a lower false positive rate compared to SVM and random forest.
Web parameter injection attacks are common and powerful. In this kind of attacks, malicious attackers can employ HTTP requests to implement attacks against servers by injecting some malicious codes into the parameters of the HTTP requests. Against the web parameter injection attacks, most of the existing Web Intrusion Detection Systems (WIDS) cannot find unknown new attacks and have a high false positive rate (FPR), since they lack the ability of re-learning and rarely pay attention to the intrinsic relationship between the characters. In this paper, we propose a malicious requests detection system with re-learning ability based on an improved convolution neural network (CNN) model. We add a character-level embedding layer before the convolution layer, which makes our model able to learn the intrinsic relationship between the characters of the query string. Further, we modify the filters of CNN and the modified filters can extract the fine-grained features of the query string. The test results demonstrate that our model has lower FPR compared with support vector machine (SVM) and random forest (RF).