Web Application Firewall Based on Anomaly Detection using Deep Learning

Home Page
About
Submit A Journal
Submit A Conference
Submit Paper/Book
- Submit a Preprint
- Submit a Book
Publisher/Editor Panel
- Sign In/Sign Up

Acta Infologica
Volume:6 Issue:2
Web Application Firewall Based on Anomaly Detection using Deep Learning

Web Application Firewall Based on Anomaly Detection using Deep Learning

Authors : Sezer TOPRAK, Ali Gökhan YAVUZ

Pages : 219-244

Doi:10.26650/acin.1039042

View : 19 | Download : 13

Publication Date : 2022-12-31

Article Type : Research Paper

Abstract :Anomaly detection has been researched in different areas and application domains. The main difficulty is to identify the outliers from the normals in case of encountering an input that has unique features and new values. In order to accomplish this task, the research focusses on using Machine Learning and Deep Learning techniques. In the world of the Internet, we are facing a similar problem to identify whether a website request contains malicious activity or just a normal request. Web Application Firewall insert ignore into journalissuearticles values(WAF); systems provide such protection against malicious requests using a rule based approach. In recent years, anomaly based solutions have been integrated in addition to rule based systems. Still, such solutions can only provide security up to a point and such techniques can generate false-positive results that leave the backend systems vulnerable and most of the time rules based protection can be bypassed with simple tricks insert ignore into journalissuearticles values(eg. encoding, obfuscation);. The main focus of the research is WAF systems that employ single and stacked LSTM layers which are based on character sequences of user supplied data and revealing hyper-parameter values for optimal results. A semi-supervised approach is used and trained with PayloadAllTheThings dataset containing real attack payloads and only normal payloads of HTTP Dataset CSIC 2010 are used. The success rate of the technique - whether the user input is identified as malicious or normal - is measured using F1 scores. The proposed model demonstrated high F1 scores and success in terms of detection and classification of the attacks.
Keywords : Derin öğrenme, web uygulama güvenlik duvarı, makine öğrenmesi, sinir ağları, web saldırıları, anomali tespiti, HTTP protokolü

ORIGINAL ARTICLE URL

VIEW PAPER (PDF)

All Rights Reserved. İzmir Akademi Derneği
CopyRight © 2025