Volume 11, Issue 3 (9-2019)                   itrc 2019, 11(3): 49-56 | Back to browse issues page

XML Print

Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:

Moradi Vartouni A, Mehralian S, Teshnehlab M, Sedighian Kashi S. Auto-Encoder LSTM Methods for Anomaly-Based Web Application Firewallall. itrc. 2019; 11 (3) :49-56
URL: http://ijict.itrc.ac.ir/article-1-370-en.html
1- Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology
2- Faculty of Electrical and Computer Engineering K.N. Toosi University of Technology , teshnehlab@eetd.kntu.ac.ir
Abstract:   (281 Views)

Web Application Firewall (WAF) is known as one of the Intrusion Detection System (IDS) solutions for protecting web servers from HTTP attacks. WAF is a tool to identify and prevent many types of attacks, such as XSS and SQL-injection. In this paper, deep machine learning algorithms are used for enriching the WAF based on the anomaly detection method. Firstly, we construct attributes from HTTP data, to do so we consider two models namely n-gram and one-hot. Then, according to Auto-Encoder LSTM (AE-LSTM) as an unsupervised deep leaning method, we should extract informative features and then reduce them. Finally, we use ensemble isolation forest to train only normal data for the classifier. We apply the proposed model on CSIC 2010 and ECML/ PKDD 2007 datasets. The results show AE-LSTM has higher performance in terms of accuracy and generalization compared with naïve methods on CSIC dataset; the proposed method also have acceptable detection rate on ECML/PKDD dataset using n­-gram model.

Full-Text [PDF 872 kb]   (127 Downloads)    
Type of Study: Research | Subject: Network

Add your comments about this article : Your username or Email:

Send email to the article author

Rights and permissions
Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.