Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism

Today, most activities and important data are placed on Internet websites, so attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various machine learning methods have been developed in recent years. Since attack requests differ from normal requests slightly, these anomaly detection methods have failed to exhibit good accuracy in new attack detection. In web requests and responses, a great deal of interconnected data is usually moved, and anomaly detection attempts need to consider all these connections, but this is a very complicated task. Thus, some research works on attack detection are confined to the analysis of just URL and a part of the request. This paper presents a new method for web attack detection using seq2seq networks using attention. The method is shown to successfully classify the traffic by predicting the possible responses and calculating differences from real responses of the webserver. The higher accuracy of this method versus similar methods shows that the use of the attention mechanism can cope with the challenge of analyzing long web requests and responses to a great extent. The proposed model exhibited a high result in terms of the specificity criterion when it came to such attacks as SQL Injection and XSS whose success highly depends on the server’s response. This can be attributed to the inclusion of the link between the request and response in identifying web attacks in the proposed method.