Detecting Web Attacks Based on Clustering Algorithm and Multi-branch CNN
DOI: https://doi.org/10.54654/isj.v2i12.120
Keywords: web attack detection, convolutional neural network (CNN), deep learning, K-means, multi-branch CNN
Abstract
Abstract—This paper proposes and develops a web attack detection model that combines a clustering algorithm and a multi-branch convolutional neural network (CNN). The original feature set is clustered into groups of similar features. Each group of similar features is generalized by the convolutional structure of one branch of the CNN, which produces a component feature vector. The component feature vectors are assembled into a synthetic feature vector and fed into a fully connected layer for classification. Using K-fold cross-validation, the accuracy of the proposed method is 98.8%, the F1-score is 98.9%, and the improvement rate of accuracy is 1.479%.
Summary—This paper proposes and develops a web attack detection model based on combining a clustering algorithm with a multi-branch convolutional neural network (CNN). The original feature set is clustered into corresponding feature groups. Each feature group is generalized in one branch of the multi-branch CNN to form a component feature vector. The component feature vectors are concatenated into a synthetic feature vector and fed into a fully connected layer for classification. Using cross-validation on the proposed model, the accuracy reaches 98.8%, the F1-score reaches 98.8%, and the improvement rate of accuracy is 1.479%.