Volume 11, Issue 3 (9-2019)                   2019, 11(3): 49-56 | Back to browse issues page

XML Print


1- Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology
2- Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology , teshnehlab@eetd.kntu.ac.ir
Abstract:   (1701 Views)

Web Application Firewall (WAF) is known as one of the Intrusion Detection System (IDS) solutions for protecting web servers from HTTP attacks. WAF is a tool to identify and prevent many types of attacks, such as XSS and SQL-injection. In this paper, deep machine learning algorithms are used for enriching the WAF based on the anomaly detection method. Firstly, we construct attributes from HTTP data, to do so we consider two models namely n-gram and one-hot. Then, according to Auto-Encoder LSTM (AE-LSTM) as an unsupervised deep leaning method, we should extract informative features and then reduce them. Finally, we use ensemble isolation forest to train only normal data for the classifier. We apply the proposed model on CSIC 2010 and ECML/ PKDD 2007 datasets. The results show AE-LSTM has higher performance in terms of accuracy and generalization compared with naïve methods on CSIC dataset; the proposed method also have acceptable detection rate on ECML/PKDD dataset using n­-gram model.

Full-Text [PDF 872 kb]   (912 Downloads)    
Type of Study: Research | Subject: Network

Rights and permissions
Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.