利用变异 LSTM 自动编码器偏差网络从 HTTP 网络日志中检测网络攻击

IF 5.5 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Rikhi Ram Jagat;Dilip Singh Sisodia;Pradeep Singh
{"title":"利用变异 LSTM 自动编码器偏差网络从 HTTP 网络日志中检测网络攻击","authors":"Rikhi Ram Jagat;Dilip Singh Sisodia;Pradeep Singh","doi":"10.1109/TSC.2024.3453748","DOIUrl":null,"url":null,"abstract":"Web attacks penetrate the web applications’ security through unauthorized access to sensitive information, disrupting services, and stealing data. Conventionally, rule-based statistical methods distinguish attackers from legitimate users. However, the training through manually extracted weblog features is time-consuming and requires subject expertise. Additionally, the supervised attack classification method needs massive, labeled weblog data, which is expensive and unfeasible. Also, the unsupervised classification techniques have resolved the labeled data insufficiency problem, but their detection performance is unreliable. Recent studies focus on recognizing web attacks through deep neural network-based anomaly detection. Hence, this study proposes an anomaly detection-based Variational LSTM Autoencoder Deviation Network (VLADEN) for recognizing web attacks from weblogs. This work resolves the aforementioned issues by extracting the aberrant information encoded in weblog request data to detect web attacks. VLADEN works in three stages: data preprocessing, anomaly and reference score generation, and classification. The variational LSTM self-encoding-based reference score generation ensures that the anomaly score deviates from the normal data. The proposed model is experimentally validated on three publicly available datasets (CSIS2010, FWAF, and HTTPParams) and evaluated using AUC-ROC and AUC-PR-based evaluation metrics. The results demonstrate the models’ superior performance in detecting attack requests with minimum domain knowledge and labeled data.","PeriodicalId":13255,"journal":{"name":"IEEE Transactions on Services Computing","volume":"17 5","pages":"2210-2222"},"PeriodicalIF":5.5000,"publicationDate":"2024-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detecting Web Attacks From HTTP Weblogs Using Variational LSTM Autoencoder Deviation Network\",\"authors\":\"Rikhi Ram Jagat;Dilip Singh Sisodia;Pradeep Singh\",\"doi\":\"10.1109/TSC.2024.3453748\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web attacks penetrate the web applications’ security through unauthorized access to sensitive information, disrupting services, and stealing data. Conventionally, rule-based statistical methods distinguish attackers from legitimate users. However, the training through manually extracted weblog features is time-consuming and requires subject expertise. Additionally, the supervised attack classification method needs massive, labeled weblog data, which is expensive and unfeasible. Also, the unsupervised classification techniques have resolved the labeled data insufficiency problem, but their detection performance is unreliable. Recent studies focus on recognizing web attacks through deep neural network-based anomaly detection. Hence, this study proposes an anomaly detection-based Variational LSTM Autoencoder Deviation Network (VLADEN) for recognizing web attacks from weblogs. This work resolves the aforementioned issues by extracting the aberrant information encoded in weblog request data to detect web attacks. VLADEN works in three stages: data preprocessing, anomaly and reference score generation, and classification. The variational LSTM self-encoding-based reference score generation ensures that the anomaly score deviates from the normal data. The proposed model is experimentally validated on three publicly available datasets (CSIS2010, FWAF, and HTTPParams) and evaluated using AUC-ROC and AUC-PR-based evaluation metrics. The results demonstrate the models’ superior performance in detecting attack requests with minimum domain knowledge and labeled data.\",\"PeriodicalId\":13255,\"journal\":{\"name\":\"IEEE Transactions on Services Computing\",\"volume\":\"17 5\",\"pages\":\"2210-2222\"},\"PeriodicalIF\":5.5000,\"publicationDate\":\"2024-09-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Services Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10669063/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Services Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10669063/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

网络攻击通过未经授权访问敏感信息、中断服务和窃取数据来渗透网络应用程序的安全性。传统上,基于规则的统计方法可以区分攻击者和合法用户。然而,通过手动提取网络日志特征进行训练非常耗时,而且需要专业知识。此外,有监督的攻击分类方法需要大量有标签的网络日志数据,成本高昂且不可行。此外,无监督分类技术虽然解决了标记数据不足的问题,但其检测性能并不可靠。最近的研究侧重于通过基于深度神经网络的异常检测来识别网络攻击。因此,本研究提出了一种基于异常检测的变异 LSTM 自编码偏差网络(VLADEN),用于识别网络日志中的网络攻击。这项研究通过提取网络日志请求数据中的异常信息来检测网络攻击,从而解决了上述问题。VLADEN 的工作分为三个阶段:数据预处理、异常和参考分数生成以及分类。基于变异 LSTM 自编码的参考得分生成确保异常得分偏离正常数据。所提出的模型在三个公开数据集(CSIS2010、FWAF 和 HTTPParams)上进行了实验验证,并使用基于 AUC-ROC 和 AUC-PR 的评估指标进行了评估。结果表明,模型在检测攻击请求方面表现出色,只需最少的领域知识和标记数据。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Detecting Web Attacks From HTTP Weblogs Using Variational LSTM Autoencoder Deviation Network
Web attacks penetrate the web applications’ security through unauthorized access to sensitive information, disrupting services, and stealing data. Conventionally, rule-based statistical methods distinguish attackers from legitimate users. However, the training through manually extracted weblog features is time-consuming and requires subject expertise. Additionally, the supervised attack classification method needs massive, labeled weblog data, which is expensive and unfeasible. Also, the unsupervised classification techniques have resolved the labeled data insufficiency problem, but their detection performance is unreliable. Recent studies focus on recognizing web attacks through deep neural network-based anomaly detection. Hence, this study proposes an anomaly detection-based Variational LSTM Autoencoder Deviation Network (VLADEN) for recognizing web attacks from weblogs. This work resolves the aforementioned issues by extracting the aberrant information encoded in weblog request data to detect web attacks. VLADEN works in three stages: data preprocessing, anomaly and reference score generation, and classification. The variational LSTM self-encoding-based reference score generation ensures that the anomaly score deviates from the normal data. The proposed model is experimentally validated on three publicly available datasets (CSIS2010, FWAF, and HTTPParams) and evaluated using AUC-ROC and AUC-PR-based evaluation metrics. The results demonstrate the models’ superior performance in detecting attack requests with minimum domain knowledge and labeled data.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IEEE Transactions on Services Computing
IEEE Transactions on Services Computing COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING
CiteScore
11.50
自引率
6.20%
发文量
278
审稿时长
>12 weeks
期刊介绍: IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信