Title: Detecting Web Attacks From HTTP Weblogs Using Variational LSTM Autoencoder Deviation Network
Authors: Rikhi Ram Jagat; Dilip Singh Sisodia; Pradeep Singh
DOI: 10.1109/TSC.2024.3453748
Journal: IEEE Transactions on Services Computing, volume 17, issue 5, pages 2210-2222
Publication date: 2024-09-06
Publication type: Journal Article
Impact factor: 5.5
JCR: Q1 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Region: 2 (Computer Science)
Open access: no
URL: https://ieeexplore.ieee.org/document/10669063/
Platform: Semanticscholar
Citation count: 0
Abstract
Web attacks penetrate web applications’ security through unauthorized access to sensitive information, disrupting services, and stealing data. Conventionally, rule-based statistical methods distinguish attackers from legitimate users. However, training on manually extracted weblog features is time-consuming and requires subject expertise. Additionally, supervised attack classification needs massive, labeled weblog data, which is expensive and unfeasible. Unsupervised classification techniques have resolved the labeled data insufficiency problem, but their detection performance is unreliable. Recent studies focus on recognizing web attacks through deep neural network-based anomaly detection. Hence, this study proposes an anomaly detection-based Variational LSTM Autoencoder Deviation Network (VLADEN) for recognizing web attacks from weblogs. This work resolves the aforementioned issues by extracting the aberrant information encoded in weblog request data to detect web attacks. VLADEN works in three stages: data preprocessing, anomaly and reference score generation, and classification. The variational LSTM self-encoding-based reference score generation ensures that the anomaly score deviates from the normal data. The proposed model is experimentally validated on three publicly available datasets (CSIS2010, FWAF, and HTTPParams) and evaluated using AUC-ROC and AUC-PR-based evaluation metrics. The results demonstrate the model’s superior performance in detecting attack requests with minimum domain knowledge and labeled data.
About the journal:
IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.