Automatic Detection of HTTP Injection Attacks using Convolutional Neural Network and Deep Neural Network
HTTP injection attacks are well-known cyber security threats with fatal consequences. These attacks, initiated by malicious entities (either human or computer), send dangerous or unsafe malicious content into the parameters of HTTP requests. Combatting injection attacks demands the development of Web Intrusion Detection Systems (WIDS). Common WIDS follow a rule-based or a signature-based approach; both share the problem of a high false-positive rate (wrongly classifying malicious HTTP requests), which restricts them to only one type of web application. They are easily bypassed and unable to detect new kinds of malicious attacks, as they lack a sufficient model for understanding the representations of HTTP request parameters. In this paper, deep learning techniques are used to develop models that automatically detect injection attacks in HTTP requests. A special layer in the deep learning models, called the character embedding layer, allows the models to learn the representation of HTTP request parameters at higher levels of abstraction and aids in learning the relationships between the characters of a request parameter. The experimental results showed that with deep learning, better injection attack detection is possible and that, given the right dataset, a deep learning detection model would be able to correctly classify HTTP requests for any web application.
Copyright (c) 2020 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.