Congyuan Xu,Jizhong Shen,Xin Du

DOI: https://doi.org/10.1016/j.jisa.2021.102879

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Low-rate Denial of Service (LDoS) attacks use the low-rate requests to achieve the occupation of the network resources and have strong concealment. The traditional signal analysis based detection methods are challenging to detect LDoS attacks in the fluctuating legitimate traffic. In this paper, an LDoS attack detection method based on hybrid deep neural networks is proposed using one-dimensional convolutional neural network and gated recurrent unit. In order to evaluate the proposed detection method in the real scenarios, we captured real legitimate traffic from a website in the datacenter, and carried out a variety of real LDoS attacks on the mirror of the website in the laboratory environment to obtain real attack traffic. The detection results on the real traffic show that the proposed detection method does not need to extract features manually and can effectively detect LDoS attacks in fluctuating HTTP traffic with an average detection rate of 98.68%, which is more advantageous than MF-DFA or power spectral density based detection methods.

Congyuan Xu,Jizhong Shen,Xin Du

DOI: https://doi.org/10.1109/tifs.2020.2991876

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Conventional intrusion detection systems based on supervised learning techniques require a large number of samples for training, while in some scenarios, such as zero-day attacks, security agencies can only intercept a limited number of shots of malicious samples. Therefore, there is a need for few-shot detection. In this paper, a detection method based on a meta-learning framework is proposed for this purpose. The proposed method can be used to distinguish and compare a pair of network traffic samples as a basic task of learning, including a normal unaffected sample and a malicious one. To accomplish this task, we design a deep neural network (DNN) named FC-Net, which mainly comprises two parts: feature extraction network and comparison network. FC-Net learns a pair of feature maps for classification from a pair of network traffic samples, then compares the obtained feature maps, and finally determines whether the pair of samples belongs to the same type. To evaluate the proposed detection method, we construct two datasets for few-shot network intrusion detection based on real network traffic data sources, using a specifically developed approach. The experimental results indicate that the proposed detection method is universal and is not limited to specific datasets or attack types. Training and testing on the same datasets demonstrate that the proposed method can achieve the average detection rate up to 98.88%. The outcome of training on one dataset and testing on the other one confirms that the proposed method can achieve better performance. In a few-shot scenario, malicious samples in an untrained dataset can be detected successfully, and the average detection rate is up to 99.62%.

Lu Chen,Tao Zhang,Yuanyuan Ma,Mu Chen

DOI: https://doi.org/10.1109/iist62526.2024.00098

2024-01-01

Abstract:With the increasing complexity, automation, and intelligence of network attacks, new types of attacks are constantly emerging in the network, posing great challenges to network attack detection and timely response based on prior rules. In order to more effectively and accurately identify abnormal traffic, a network abnormal traffic detection algorithm based on improved convolutional neural networks is proposed. The algorithm first inputs the key features of traffic anomaly monitoring, converts them into color images through visualization technology, extracts higher dimensional features, and then uses neural structure search technology to find a lightweight convolutional network structure with high accuracy and less time consumption. The optimal model is used to output the type of traffic anomaly. The results indicate that the algorithm has a higher accuracy and the shortest classification time for a single image.

Li Chen,Cong Tang,Junjiang He,Hui Zhao,Xiaolong Lan,Tao Li

DOI: https://doi.org/10.1016/j.cose.2022.102831

2022-09-01

Abstract:Cross-site scripting (XSS) attack is one of the most serious security problems in web applications. Although deep neural network (DNN) has been used in XSS attack detection and achieved unprecedented success, it is vulnerable to adversarial example attacks because its input-output mapping is quite discontinuous to a large extent. The existence of adversarial examples have raised concerns in applying deep learning to key security fields. Therefore, to evaluate the effectiveness of these detection methods, a XSS adversarial example attack technique using Soft Actor-Critic (SAC) reinforcement learning algorithm is presented in the paper. A key aspect of our idea is to train an agent using SAC algorithm to build adversarial examples for several popular XSS detection models which have been proved can achieve very high accuracy rate by simulation experiments. We first design mutation strategies for different modules of XSS attack vectors to ensure the validity of the generated adversarial examples. Then, the agent selects an appropriate escape strategy according to the feedback of the detection model until it bypasses the detection model. The final experiment results show that our model can achieve an escape rate of more than 92% and outperforms the latest method by up to 6%. In other words, the effectiveness of these detection models needs to be improved, at least in terms of defense adversarial example attacks.

computer science, information systems

Jaydeep R. Tadhani,Vipul Vekariya,Vishal Sorathiya,Samah Alshathri,Walid El-Shafai

DOI: https://doi.org/10.1038/s41598-023-48845-4

IF: 4.6

2024-01-21

Scientific Reports

Abstract:Modern web application development involves handling enormous amounts of sensitive and consequential data. Security is, therefore, a crucial component of developing web applications. A web application's security is concerned with safeguarding the data it processes. The web application framework must have safeguards to stop and find application vulnerabilities. Among all web application attacks, SQL injection and XSS attacks are common, which may lead to severe damage to Web application data or web functionalities. Currently, there are many solutions provided by various study for SQLi and XSS attack detection, but most of the work shown have used either SQL/XSS payload-based detection or HTTP request-based detection. Few solutions available can detect SQLi and XSS attacks, but these methods provide very high false positive rates, and the accuracy of these models can further be improved. We proposed a novel approach for securing web applications from both cross-site scripting attacks and SQL injection attacks using decoding and standardization of SQL and XSS payloads and HTTP requests and trained our model using hybrid deep learning networks in this paper. The proposed hybrid DL model combines the strengths of CNNs in extracting features from input data and LSTMs in capturing temporal dependencies in sequential data. The soundness of our approach lies in the use of deep learning techniques that can identify subtle patterns in the data that traditional machine learning-based methods might miss. We have created a testbed dataset of Normal and SQLi/XSS HTTP requests and evaluated the performance of our model on this dataset. We have also trained and evaluated the proposed model on the Benchmark dataset HTTP CSIC 2010 and another SQL/XSS payload dataset. The experimental findings show that our proposed approach effectively identifies these attacks with high accuracy and a low percentage of false positives. Additionally, our model performed better than traditional machine learning-based methods. This soundness approach can be applied to various network security applications such as intrusion detection systems and web application firewalls. Using our model, we achieved an accuracy of 99.84%, 99.23% and 99.77% on the SQL-XSS Payload dataset, Testbed dataset and HTTP CSIC 2010 dataset, respectively.

multidisciplinary sciences

Qiuhua Wang,Hui Yang,Guohua Wu,Kim-Kwang Raymond Choo,Zheng Zhang,Gongxun Miao,Yizhi Ren

DOI: https://doi.org/10.1016/j.cose.2021.102554

2022-02-01

Abstract:Cross-site scripting (XSS) has been extensively studied, although mitigating such attacks in web applications remains challenging. While there is an increasing number of XSS attack detection approaches designed based on machine learning and deep learning algorithms, it is important to study and evaluate the reliability and security of these approaches. In our study, focusing on machine / deep learning-based XSS attack detection approaches, we propose a fuzzing-based approach to realize “Black&White attack”, in order to effectively improve the confidence coefficient of malicious samples. We also present an adversarial attack model based on Soft Q-learning, designed to generate adversarial attack examples for different XSS attack detection models using multiple strategies. Experimental results reveal that the proposed adversarial attack model generates adversarial attack examples against various XSS attack detection models, with an escape rate of over 85%. In other words, our research has implications on existing XSS attack detection models, for example in terms of effectiveness.

computer science, information systems

Jasleen Kaur,Urvashi Garg,Gourav Bathla

DOI: https://doi.org/10.1007/s10462-023-10433-3

IF: 9.588

2023-03-23

Artificial Intelligence Review

Abstract:With the rising demand for E-commerce, Social Networking websites, it has become essential to develop security protocols over the World Wide Web that can provide security and privacy to Internet users all over the globe. Several traditional encryption techniques and attack detection protocols can secure the data transmitted over public networks. However, hackers can effortlessly exploit them to acquire access to the users’ sensitive information such as user ID, session ID, cookies, passwords, bank account details, contact numbers, private PINs, database information, etc. Researchers have continuously innovated new techniques to build a secure and robust system that cannot be easily hacked and manipulated. Still, there is much scope for novelty to provide security against contemporary techniques used by intruders. The motivation of this survey is to observe the recent developments in Cross-Site Scripting attacks and techniques used by researchers to secure confidential information. Cross-Site Scripting (XSS) has been recognized as one of the top 10 online application security risks by the Open Web Application Security Project (OWASP) for decades. Therefore, dealing with this security flaw in web applications has become essential to avoid further personal and financial damage to Internet users and business organizations. There is a need for an extensive survey of recent XSS attack detection techniques that can provide the right direction to researchers and security professionals. We present a complete overview of recent machine learning and neural network-based XSS attack detection techniques in this paper, covering deep neural networks, decision trees, web-log-based detection models, and many more. This paper also highlights the research gaps that must be addressed while designing attack detection models. Further, challenges researchers face during the development of recent techniques are also discussed. Finally, future directions are provided to reflect on new concepts that can be used in forthcoming research works to improve XSS attack detection techniques.

computer science, artificial intelligence

Xinyu Wang,Jiqiang Zhai,Hailu Yang

DOI: https://doi.org/10.1038/s41598-024-74350-3

IF: 4.6

2024-10-28

Scientific Reports

Abstract:Web command injection attacks pose significant security threats to web applications, leading to potential server information leakage or severe server disruption. Traditional detection methods struggle with the increasing complexity and obfuscation of these attacks, resulting in poor identification of malicious code, complicated feature extraction processes, and low detection efficiency. To address these challenges, a novel detection model, the Convolutional Channel-BiLSTM Attention (CCBA) model, is proposed, leveraging deep learning techniques to enhance the identification of web command injection attacks. The model utilizes dual CNN convolutional channels for comprehensive feature extraction and employs a BiLSTM network for bidirectional recognition of temporal features. An attention mechanism is also incorporated to assign weights to critical features, improving the model's detection performance. Experimental results demonstrate that the CCBA model achieves 99.3% accuracy and 98.2% recall on a real-world dataset. To validate the robustness and generalization of the model, tests were conducted on two widely recognized public cybersecurity datasets, consistently achieving over 98% accuracy. Compared to existing methods, the proposed model offers a more effective solution for identifying web command injection attacks.

multidisciplinary sciences

Rezan Bakır,Halit Bakır

DOI: https://doi.org/10.1007/s13369-024-09140-0

IF: 2.807

2024-06-05

Arabian Journal for Science and Engineering

Abstract:Cross-Site Scripting (XSS) attacks continue to be a significant threat to web application security, necessitating robust detection mechanisms to safeguard user data and ensure system integrity. In this study, we present a novel approach for detecting XSS attacks that harnesses the combined capabilities of the Universal Sentence Encoder (USE) and Word2Vec embeddings as a feature extractor, aiming to enhance the performance of machine learning and deep learning techniques. By leveraging the semantic understanding of sentences offered by USE and the word-level representations from Word2Vec, we obtain a comprehensive feature representation for XSS attack payloads. Our proposed approach aims to capture both fine-grained word meanings and broader sentence contexts, leading to enhanced feature extraction and improved model performance. We conducted extensive experiments utilizing machine learning and deep learning architectures to evaluate the effectiveness of our approach. The obtained results demonstrate that our combined embeddings approach outperforms traditional methods, achieving superior accuracy, precision, recall, ROC, and F1-score in detecting XSS attacks. This study not only advances XSS attack detection but also highlights the potential of state-of-the-art natural language processing techniques in web security applications. Our findings offer valuable insights for the development of more robust and effective security measures against XSS attacks.

multidisciplinary sciences

Lanjun Wang,Xinran Qiao,Yanwei Xie,Weizhi Nie,Yongdong Zhang,Anan Liu

DOI: https://doi.org/10.1145/3581783.3612396

2023-01-01

Abstract:Social platforms such as Twitter are under siege from a multitude of fraudulent users. In response, social bot detection tasks have been developed to identify such fake users. Due to the structure of social networks, the majority of methods are based on the graph neural network(GNN), which is susceptible to attacks. In this study, we propose a node injection-based adversarial attack method designed to deceive bot detection models. Notably, neither the target bot nor the newly injected bot can be detected when a new bot is added around the target bot. This attack operates in a black-box fashion, implying that any information related to the victim model remains unknown. To our knowledge, this is the first study exploring the resilience of bot detection through graph node injection. Furthermore, we develop an attribute recovery module to revert the injected node embedding from the graph embedding space back to the original feature space, enabling the adversary to manipulate node perturbation effectively. We conduct adversarial attacks on four commonly used GNN structures for bot detection on two widely used datasets: Cresci-2015 and TwiBot-22. The attack success rate is over 73% and the rate of newly injected nodes being detected as bots is below 13% on these two datasets.

Wei Zhang,Yueqin Li,Xiaofeng Li,Minggang Shao,Yajie Mi,Hongli Zhang,Guoqing Zhi

DOI: https://doi.org/10.1155/2022/4836289

IF: 1.968

2022-03-24

Security and Communication Networks

Abstract:Among the network security problems, SQL injection is a common and challenging network attack means, which can cause inestimable loop-breaking and loss to the database, and how to detect SQL injection statements is one of the current research hotspots. Based on the data characteristics of SQL statements, a deep neural network-based SQL injection detection model and algorithm are built. The core method is to convert the data into word vector form by word pause method, then form a sparse matrix and pass it into the model for training, build a multihidden layer deep neural network model containing ReLU function, optimize the traditional loss function, and introduce Dropout method to improve the generalization ability of this model. The accuracy of the final model is maintained at over 96%. By comparing the experimental results with traditional machine learning algorithms and LSTM algorithms, the proposed algorithm effectively solves the problems of overfitting in machine learning and the need for manual screening to extract features, which greatly improves the accuracy of SQL injection detection.

computer science, information systems,telecommunications

Zhiquan Hu,Liejun Wang,Lei Qi,Yongming Li,Wenzhong Yang

DOI: https://doi.org/10.1109/access.2020.3034015

IF: 3.9

2020-01-01

IEEE Access

Abstract:The diversity of network attacks poses severe challenges to intrusion detection systems (IDSs). Traditional attack recognition methods usually adopt mining data associations to identify anomalies, which has the disadvantages of a high false alarm rate (FAR), low recognition accuracy (ACC) and poor generalization ability. To ameliorate the comprehensive capabilities of IDS and strengthen network security, we propose a novel intrusion detection method based on the adaptive synthetic sampling (ADASYN) algorithm and an improved convolutional neural network (CNN). First, we use the ADASYN method to balance the sample distribution, which can effectively prevent the model from being sensitive to large samples and ignore small samples. Second, the improved CNN is based on the split convolution module (SPC-CNN), which can increase the diversity of features and eliminate the impact of interchannel information redundancy on model training. Then, an AS-CNN model mixed with ADASYN and SPC-CNN is used for intrusion detection tasks. Finally, the standard NSL-KDD dataset is selected to test AS-CNN. The simulation illustrates that the accuracy is 4.60% and 2.79% higher than that of the traditional CNN and RNN models, and the detection rate (DR) increased by 11.34% and 10.27%, respectively. Additionally, the FAR decreased by 15.58% and 14.57%, respectively, compared with the two models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Feng Cui,Mingdi Xu,Bo Xie,Chaoyang Jin,Zhengxiao Li,Haipeng Fan

DOI: https://doi.org/10.1109/ICCCS61882.2024.10603260

2024-04-19

Abstract:Intrusion Detection Systems (IDS) play a crucial role in safeguarding network security perimeters by monitoring network traffic and system behavior in real time. The advent of deep learning, particularly through the application of Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks, has significantly enhanced IDS's ability to detect network threats by leveraging autonomous learning and generalization capabilities. However, deep learning-based IDSs encounter challenges, including the necessity for extensive data labeling and the computational resources required, which pose obstacles to their widespread adoption and effectiveness. Nonetheless, deep learning-based IDS encounter challenges, including the requirement for extensive labeled datasets and significant computational resources. This paper proposes a novel hybrid IDS framework — HDCBAN that integrates deep convolutional neural networks, bidirectional LSTM networks, and the AlexNet model to efficiently predict and classify malicious network activities. The HDCBAN model employs deep CNNs to capture local features through convolution, bidirectional LSTMs to seize temporal features for enhanced performance and prediction capabilities, and AlexNet to augment classification efficacy through feature extraction. The effectiveness of this hybrid approach was assessed using real-world datasets, including the publicly available CSE-CIC-IDS 2017, CSE-CIC-IDS 2018, and NSL-KDD datasets, with preprocessing to optimize model performance. Experimental results, validated through 10-fold cross-validation, reveal that our model achieves a malicious attack detection rate and accuracy of up to 99.88% for CSE-CIC-IDS and 99.93% for NSL-KDD, thereby outperforming existing models in detection rate, accuracy, and reducing false positives.

Computer Science,Engineering

Peng Tang,Weidong Qiu,Zheng Huang,Huijuan Lian,Guozhen Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105528

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:The SQL injection, a common web attack, has been a challenging network security issue which causes annually millions of dollars of financial loss worldwide as well as a large amount of users’ privacy data leakage. This work presents a high accuracy SQL injection detection method based on neural network. We first acquire authentic user URL access log data from the Internet Service Provider(ISP), ensuring that our approach is real, effective and practical. We then conduct statistical research on normal data and SQL injection data. Based on the statistical results, we design eight types of features and train an MLP model. The accuracy of the model maintains over 99%. Meanwhile, we compare and evaluate the training effect of other machine learning algorithms(LSTM, for example), the results reveal that the accuracy of our method is superior to the relevant machine learning algorithms.

Lian Yu,Lihao Chen,Jingtao Dong,Mengyuan Li,Lijun Liu,Bai Zhao,Chen Zhang

DOI: https://doi.org/10.1109/compsac48688.2020.0-167

2020-01-01

Abstract:This paper proposes an approach that combines a deep learning-based method and a traditional machine learning-based method to efficiently detect malicious requests Web servers received. The first few layers of Convolutional Neural Network for Text Classification (TextCNN) are used to automatically extract powerful semantic features and in the meantime transferable statistical features are defined to boost the detection ability, specifically Web request parameter tampering. The semantic features from TextCNN and transferable statistical features from artificially-designing are grouped together to be fed into Support Vector Machine (SVM), replacing the last layer of TextCNN for classification. To facilitate the understanding of abstract features in form of numerical data in vectors extracted by TextCNN, this paper designs trace-back functions that map max-pooling outputs back to words in Web requests. After investigating the current available datasets for Web attack detection, HTTP Dataset CSIC 2010 is selected to test and verify the proposed approach. Compared with other deep learning models, the experimental results demonstrate that the approach proposed in this paper is competitive with the state-of-the-art.

Fang Feng,Xin Liu,Binbin Yong,Rui Zhou,Qingguo Zhou

DOI: https://doi.org/10.1016/j.adhoc.2018.09.014

IF: 4.816

2019-01-01

Ad Hoc Networks

Abstract:Ad-hoc network is a temporary self-organizing network that needs no fixed infrastructure. So it has been applied extensively in many areas requesting temporary communication such as military field, emergency disaster relief and road traffic. While, due to the feature of self-organization and wireless communication channels, ad-hoc network is more vulnerable to various attacks compared to the traditional network. In this paper, we proposed a plug and play device to detect Denial of Service (DoS) and privacy attacks. This device mainly includes capture tool and deep learning detection model. Capture tool is used to grab packets in ad-hoc networks, deep learning detection model is used for detecting attacks. An alarm will be triggered if the detected result is attack. In this way, we can avoid the detected attack to spreading out in larger scale. The proposed method can be used as the second line of dense to issue the early-warning signal. In the experiment, first, we use Deep neural network (DNN) detection model to detect DoS attacks; next, we use DNN, Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) detection model to detect XSS and SQL attacks. The results show that these detection models can achieve very high Accuracy, Precision, Recall and F1−score. In addition, the time efficiency among the CNN, the LSTM and the DNN is in acceptable range. It proofs that the proposed method can be effectively applied for attack detection. It is important to note that the proposed method can be extended to all other attacks with little modification in ad-hoc networks.

Fawaz Mahiuob Mohammed Mokbal,Dan Wang,Xiaoxi Wang,Lihua Fu

DOI: https://doi.org/10.7717/peerj-cs.328

2020-12-14

Abstract:The rapid growth of the worldwide web and accompanied opportunities of web applications in various aspects of life have attracted the attention of organizations, governments, and individuals. Consequently, web applications have increasingly become the target of cyberattacks. Notably, cross-site scripting (XSS) attacks on web applications are increasing and have become the critical focus of information security experts' reports. Machine learning (ML) technique has significantly advanced and shown impressive results in the area of cybersecurity. However, XSS training datasets are often limited and significantly unbalanced, which does not meet well-developed ML algorithms' requirements and potentially limits the detection system efficiency. Furthermore, XSS attacks have multiple payload vectors that execute in different ways, resulting in many real threats passing through the detection system undetected. In this study, we propose a conditional Wasserstein generative adversarial network with a gradient penalty to enhance the XSS detection system in a low-resource data environment. The proposed method integrates a conditional generative adversarial network and Wasserstein generative adversarial network with a gradient penalty to obtain necessary data from directivity, which improves the strength of the security system over unbalance data. The proposed method generates synthetic samples of minority class that have identical distribution as real XSS attack scenarios. The augmented data were used to train a new boosting model and subsequently evaluated the model using a real test dataset. Experiments on two unbalanced XSS attack datasets demonstrate that the proposed model generates valid and reliable samples. Furthermore, the samples were indistinguishable from real XSS data and significantly enhanced the detection of XSS attacks compared with state-of-the-art methods.

Yongxing Lin,Xiaoyan Xu,Hongyun Xu

DOI: https://doi.org/10.1007/s10586-024-04603-3

2024-06-27

Cluster Computing

Abstract:In an era dominated by network connectivity, the reliance on robust and secure networks has become paramount. With the advent of 5G and the Internet of Things, networks are expanding in both scale and complexity, rendering them susceptible to a myriad of cyber threats. This escalating risk encompasses potential breaches of user privacy, unauthorized access to transmitted data, and targeted attacks on the underlying network infrastructure. To safeguard the integrity and security of modern networked societies, the deployment of Network Intrusion Detection Systems is imperative. This paper presents a novel lightweight detection model that seamlessly integrates Spiking Neural Networks and Convolutional Neural Networks with advanced algorithmic frameworks. Leveraging this hybrid approach, the proposed model achieves superior detection accuracy while maintaining efficiency in terms of power consumption and computational resources. This paper presents a new style recognition model that seamlessly integrates s piking neural networks and convolutional neural networks with advanced algorithmic frameworks. We call this combined method Spiking-HCCN. Using this hybrid approach, Spiking-HCCN achieves superior detection accuracy while maintaining efficiency in terms of power consumption and computational resources. Comparative evaluations against state-of-the-art models, including Spiking GCN and Spike-DHS, demonstrate significant performance advantages. Spiking-HCCN outperforms these benchmarks by 24% in detection accuracy, 21% in delay, and 29% in energy efficiency, underscoring its efficacy in fortifying network security in the face of evolving cyber threats.

computer science, information systems, theory & methods

LI Jia,YUN Xiaochun,LI Shuhao,ZHANG Yongzheng,XIE Jiang,FANG Fang

DOI: https://doi.org/10.11959/j.issn.1000-436x.2019019

2019-01-01

Abstract:In response to the HTTP malicious traffic detection problem, a preprocessing method based on cutting mechanism and statistical association was proposed to perform statistical information correlation as well as normalization processing of traffic. Then, a hybrid neural network was proposed based on the combination of raw data and empirical feature engineering. It combined convolutional neural network (CNN) and multilayer perceptron (MLP) to process text and statistical information. The effect of the model was significantly improved compared with traditional machine learning algorithms (e.g., SVM). The F1 value reached 99.38％ and had a lower time complexity. At the same time, a data set consisting of more than 450 000 malicious traffic and more than 20 million non-malicious traffic was created. In addition, prototype system based on model was designed with detection precision of 98.1％～99.99％ and recall rate of 97.2％～ 99.5％. The application is excellent in real network environment.

Adem Tekerek

DOI: https://doi.org/10.1016/j.cose.2020.102096

2021-01-01

Abstract:Unprotected Web applications are vulnerable places for hackers to attack an organization's network. Statistics show that 42% of Web applications are exposed to threats and hackers. Web requests that Web users request from Web applications are manipulated by hackers to control Web servers. Web queries are detected to prevent manipulations of hacker's attacks. Web attack detection is extremely essential in information distribution over the past decades. Anomaly methods based on machine learning are preferred in the Web application security. This present study aimed to propose an anomaly-based Web attack detection architecture in a Web application using deep learning methods. The architecture structure consists of data preprocess and Convolution Neural Network (CNN) steps. To prove the suitability and success of the proposed CNN architecture, CSIC2010v2 datasets were used. The proposed architecture performed detection of Web attacks, using anomaly-based detection type. Based on the experimental results of the study, the proposed CNN deep learning architecture presented successful outcomes.

computer science, information systems