Research On Deep Learning Based Web Attack Detection

With the development of Internet technology in the past two decades,the amount and the variety of cyber attacks are growing rapidly.As an important access point to the Internet,Web applications have faced increasingly severe security challenges in recent years.At the same time,as a sub-class of machine learning,Deep Learning(DL)has developed by leaps and bounds in the last decade.Many researchers have applied the deep learning method in Web attack detection.However,these researchers only focus on using deep learning to improve the detection accuracy on some specific datasets without delving into the characteristics of the data generated by the Web application and characteristics of the applied deep learning model.Concerning the shortcomings of the previous research,we focus on the special scenario of deep learning based Web attack detection.Our research designs a modular Web attack detection system,which aims to make full use of the advantages of deep learning while filling its potential security loopholes.Firstly,enlightened by the traditional signature-based Web attacks detection method,we apply convolutional neural network to capture attack keywords in the Web request,and then we apply the recurrent neural network to construct the context relation of the Web request,so as to detect Web attacks.Under the same test condition,when detecting known attack types,the proposed attack detection model can achieve higher accuracy.In addition,thanks to recurrent neural networks,our model can better generalize the attack features: when detecting unknown attacks,it can maintain a very low false positive rate and provide a higher recall rate comparing to the previous models.Secondly,because the deep learning model is vulnerable to adversarial attacks when performing image and text classification tasks,we investigate the security of the DL-based Web attack detection model itself.We propose effective methods to build adversarial Web requests,which exposes the vulnerability of these models.In response to this problem,we analyze the characteristics of data manifolds,and build a module to detect adversarial Web requests.Finally,although the DL model eliminates the cumbersome process of manually constructing attack signatures,it still relies heavily on the accurate data annotations.We train the Web attack detection model on the data with annotation errors.Using the prediction probability given by the deep learning model and the model uncertainty estimation,we propose effective method to locate possible annotation errors,and thus construct an annotation error detection module.In this paper,we conduct experiments on two Web log datasets,including a public Web dataset – CSIC 2010 HTTP and a Web dataset built on real web logs and real attack payloads.The experiment proves that the proposed DL based Web attack detection system can improve the detection accuracy and at the mean time,solve the potential problems that deep learning might bring.Deep learning models can effectively improve the accuracy of attack detection,but its application in Web security should not be limited to improving accuracy on specific datasets.The research in this paper explores the security of the deep learning model itself and the problem of data labeling errors in model training.We hope that researchers could thinking deeply about the Web security problem before applying deep learning techniques.We also hope that through our research,we could bring the DL-based Web security system to the actual production environment,and make it a better choice for website protection in the near future.