Web Application Attack Detection using Deep Learning
This addresses security vulnerabilities in web applications for developers and security professionals, but it appears incremental as it applies existing deep learning methods to a known dataset.
The paper tackles web application attack detection by proposing a deep learning model using an auto-encoder to analyze HTTP/HTTPS message sequences, achieving an ROC curve accuracy of 1 and low false positive rates in experiments.
Modern web applications are dominated by HTTP/HTTPS messages that consist of one or more headers, where most of the exploits and payloads can be injected by attackers. According to the OWASP, the 80 percent of the web attacks are done through HTTP/HTTPS requests queries. In this paper, we present a deep learning based web application attacks detection model. The model uses auto-encoder that can learn from the sequences of word and weight each word or character according to them. The classification engine is trained on ECML-KDD dataset for classification of anomaly queries with respect to specific attack type. The proposed web application detection engine is trained with anomaly and benign web queries to achieve the accuracy of receiver operating characteristic curve of 1. The experimental results show that the proposed model can detect web applications attack successfully with low false positive rate.