Abstract
Web parameter injection attacks are common and have put a great threat to the security of web applications. In this kind of attacks, malicious attackers can employ HTTP requests to implement attacks against servers by injecting some malicious codes into the parameters of the HTTP requests. Against the web parameter injection attacks, most of the existing Web Intrusion Detection Systems (WIDS) cannot find unknown new attacks and have a high false positive rate (FPR), since they lack the ability of re-learning and rarely pay attention to the intrinsic relationship between the characters. In this paper, we propose a malicious requests detection system with re-learning ability based on an improved convolution neural network (CNN) model. We add a character-level embedding layer before the convolution layer, which makes our model able to learn the intrinsic relationship between the characters of the request parameters. Further, we modify the filters of CNN and the modified filters can extract the fine-grained features of the request parameters. The test results demonstrate that our model has lower FPR compared with support vector machine (SVM) and random forest (RF).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
WAF malicious queries data sets. https://github.com/faizann24/Fwaf-Machine-Learning-driven-Web-Application-Firewall
Cloud security report of alert logic (2017). https://www.alertlogic.com/resources/cloud-security-report-2017/
Web application attacks accounted for 73% of all incidents says report (2017). https://www.scmagazineuk.com/web-application-attacks-accounted-for-73-of-all-incidents-says-report/article/682004/
Web attack visualization (2018). https://www.akamai.com/uk/en/about/our-thinking/state-of-the-internet-report/web-attack-visualization.jsp
Abadi, M., et al.: TensorFlow: large-scale machine learning on heterogeneous systems, software available from tensorflow. org (2015). http://tensorflow.org
Bengio, Y., Ducharme, R., Vincent, P., Jauvin, C.: A neural probabilistic language model. J. Mach. Learn. Res. 3(Feb), 1137–1155 (2003)
Dong, Y., Zhang, Y.: Adaptively detecting malicious queries in web attacks. arXiv preprint arXiv:1701.07774 (2017)
Gimnez, C., Villegas, A.P., Marañón, G.Á.: HTTP data set CSIC 2010 (2010)
Joshi, A., Geetha, V.: SQL injection detection using machine learning. In: 2014 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT), pp. 1111–1115. IEEE (2014)
Kim, Y.: Convolutional neural networks for sentence classification. arXiv preprint arXiv:1408.5882 (2014)
Nair, V., Hinton, G.E.: Rectified linear units improve restricted Boltzmann machines. In: Proceedings of the 27th International Conference on Machine Learning, ICML 2010, pp. 807–814 (2010)
Ng, A.Y.: Feature selection, L1 vs. L2 regularization, and rotational invariance. In: Proceedings of the Twenty-First International Conference on Machine learning, p. 78. ACM (2004)
Pedregosa, F., et al.: Scikit-learn: machine learning in python. J. Mach. Learn. Res. 12, 2825–2830 (2011)
Rawat, R., Shrivastav, S.K.: SQL injection attack detection using SVM. Int. J. Comput. Appl. 42(13), 1–4 (2012)
Shibahara, T., et al.: Malicious URL sequence detection using event de-noising convolutional neural network. In: 2017 IEEE International Conference on Communications (ICC), pp. 1–7. IEEE (2017)
Uwagbole, S.O., Buchanan, W.J., Fan, L.: Applied machine learning predictive analytics to SQL injection attack detection and prevention. In: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 1087–1090. IEEE (2017)
Wikipedia contributors: Intrusion detection system – Wikipedia, the free encyclopedia (2018). https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system&oldid=844776879#Detection_method. Accessed 13 June 2018
Wikipedia contributors: Precision and recall – Wikipedia, the free encyclopedia (2018). https://en.wikipedia.org/w/index.php?title=Precision_and_recall&oldid=845527433. Accessed 13 June 2018
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Rong, W., Zhang, B., Lv, X. (2019). Malicious Web Request Detection Using Character-Level CNN. In: Chen, X., Huang, X., Zhang, J. (eds) Machine Learning for Cyber Security. ML4CS 2019. Lecture Notes in Computer Science(), vol 11806. Springer, Cham. https://doi.org/10.1007/978-3-030-30619-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-30619-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30618-2
Online ISBN: 978-3-030-30619-9
eBook Packages: Computer ScienceComputer Science (R0)