Volume 11, Issue 3 (9-2019)                   IJICTR 2019, 11(3): 49-56 | Back to browse issues page

XML Print


Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Moradi Vartouni A, Mehralian S, Teshnehlab M, Sedighian Kashi S. Auto-Encoder LSTM Methods for Anomaly-Based Web Application Firewall. IJICTR. 2019; 11 (3) :49-56
URL: http://ijict.itrc.ac.ir/article-1-370-en.html
1- PhD student Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology
2- Prof. Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology , teshnehlab@eetd.kntu.ac.ir
3- Dr. Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology
Abstract:   (133 Views)

Web Application Firewall (WAF) is known as one of the Intrusion Detection System (IDS) solutions for protecting web servers from HTTP attacks. WAF is a tool to identify and prevent many types of attacks, such as XSS and SQL-injection. In this paper, deep machine learning algorithms are used for enriching the WAF based on the anomaly detection method. Firstly, we construct attributes from HTTP data, to do so we consider two models namely n-gram and one-hot. Then, according to Auto-Encoder LSTM (AE-LSTM) as an unsupervised deep leaning method, we should extract informative features and then reduce them. Finally, we use ensemble isolation forest to train only normal data for the classifier. We apply the proposed model on CSIC 2010 and ECML/ PKDD 2007 datasets. The results show AE-LSTM has higher performance in terms of accuracy and generalization compared with naïve methods on CSIC dataset; the proposed method also have acceptable detection rate on ECML/PKDD dataset using n­-gram model.

Full-Text [PDF 872 kb]   (58 Downloads)    
Type of Study: Research | Subject: Network

Add your comments about this article : Your username or Email:
CAPTCHA code

Send email to the article author