Research on Deep Learning and Feature Aggregation Techniques for Web Security
DOI:
https://doi.org/10.13052/jwe1540-9589.2426Keywords:
Web security, network traffic analysis, deep learning, search engine vulnerability, cybersecurityAbstract
With the rapid development of internet technologies, Web services have been widely applied in various fields, including finance, healthcare, education, e-commerce, and the Internet of Things, bringing great convenience to humanity. However, Web security threats have become increasingly severe, with side-channel attacks (SCA) emerging as a covert and highly dangerous attack method. SCAs exploit non-explicit information, such as network traffic patterns and response times, to steal sensitive user data, posing serious threats to user privacy and system security. Traditional detection methods primarily rely on rule-based feature engineering and statistical analysis, but these methods show significant limitations in terms of detection performance when dealing with complex attack patterns and high-dimensional, large-scale network traffic data. To address these issues, this paper proposes a side-channel leakage detection method based on SSA-ResNet-SAN. The SSA (sparrow search algorithm) is an optimization mechanism, intelligently searching for globally optimal feature subsets to enhance the model’s feature selection capabilities and global optimization performance. Combined with deep residual networks (ResNet) and the signature aggregation network (SAN), the method performs a comprehensive analysis of both single-attribute and aggregated-attribute features in network traffic, thereby improving the model’s accuracy and robustness. Experimental results demonstrate that SSA-ResNet-SAN significantly outperforms existing methods on multiple practical datasets. On the Google dataset, the use of aggregated attribute features enables SSA-ResNet-SAN to achieve an accuracy of 93%, which is substantially higher than that of other models. Furthermore, in multi-class tasks on the Baidu and Bing datasets, SSA-ResNet-SAN exhibits strong robustness and applicability. These experimental results fully validate the outstanding performance of SSA-ResNet-SAN in side-channel leakage detection, providing an efficient and reliable solution for the field of Web security.
Downloads
References
I. Jemal, M. A. Haddar, O. Cheikhrouhou, and A. Mahfoudhi, “M-CNN: a new hybrid deep learning model for web security.” pp. 1–7.
Y. Pan, F. Sun, Z. Teng, J. White, D. C. Schmidt, J. Staples, and L. Krause, “Detecting web attacks with end-to-end deep learning,” Journal of Internet Services and Applications, vol. 10, no. 1, pp. 1–22, 2019.
M. Zhang, B. Xu, S. Bai, S. Lu, and Z. Lin, “A deep learning method to detect web attacks using a specially designed CNN.” pp. 828–836.
W. B. Shahid, B. Aslam, H. Abbas, S. B. Khalid, and H. Afzal, “An enhanced deep learning based framework for web attacks detection, mitigation and attacker profiling,” Journal of Network and Computer Applications, vol. 198, pp. 103270, 2022.
Y. Fang, Y. Li, L. Liu, and C. Huang, “DeepXSS: Cross site scripting detection based on deep learning.” pp. 47–51.
J. Wang, F. Li, S. Lv, L. He, and C. Shen, “Physically Realizable Adversarial Creating Attack against Vision-based BEV Space 3D Object Detection,” IEEE Transactions on Image Processing, 2025.
P. Yi, Y. Guan, F. Zou, Y. Yao, W. Wang, and T. Zhu, “Web phishing detection using a deep learning framework,” Wireless Communications and Mobile Computing, vol. 2018, no. 1, pp. 4678746, 2018.
J. C. Eunaicy, and S. Suguna, “Web attack detection using deep learning models,” Materials Today: Proceedings, vol. 62, pp. 4806–4813, 2022.
J. Wang, F. Li, and L. He, “A Unified Framework for Adversarial Patch Attacks against Visual 3D Object Detection in Autonomous Driving,” IEEE Transactions on Circuits and Systems for Video Technology, 2025.
Z. Tian, C. Luo, J. Qiu, X. Du, and M. Guizani, “A distributed deep learning system for web attack detection on edge devices,” IEEE Transactions on Industrial Informatics, vol. 16, no. 3, pp. 1963–1971, 2019.
D. S. Berman, A. L. Buczak, J. S. Chavis, and C. L. Corbett, “A survey of deep learning methods for cyber security,” Information, vol. 10, no. 4, pp. 122, 2019.
S. Toprak, and A. G. Yavuz, “Web application firewall based on anomaly detection using deep learning,” Acta Infologica, vol. 6, no. 2, pp. 219–244, 2022.
W. B. Shahid, B. Aslam, H. Abbas, H. Afzal, and S. B. Khalid, “A deep learning assisted personalized deception system for countering web application attacks,” Journal of Information Security and Applications, vol. 67, pp. 103169, 2022.
M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and H. Janicke, “Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study,” Journal of Information Security and Applications, vol. 50, pp. 102419, 2020.
B. R. Dawadi, B. Adhikari, and D. K. Srivastava, “Deep learning technique-enabled web application firewall for the detection of web attacks,” Sensors, vol. 23, no. 4, pp. 2073, 2023.
F. Jiang, Y. Fu, B. B. Gupta, Y. Liang, S. Rho, F. Lou, F. Meng, and Z. Tian, “Deep learning based multi-channel intelligent attack detection for data security,” IEEE transactions on Sustainable Computing, vol. 5, no. 2, pp. 204–212, 2018.
W. Cui, T. Chen, and E. Chan-Tin, “More realistic website fingerprinting using deep learning.” pp. 333–343.
M. Li, and A. W. Guenier, “ChatGPT and Health Communication: A Systematic Literature Review,” International Journal of E-Health and Medical Communications (IJEHMC), vol. 15, no. 1, pp. 1–26, 2024.
L. Tang, and Q. H. Mahmoud, “A deep learning-based framework for phishing website detection,” IEEE Access, vol. 10, pp. 1509–1521, 2021.
D. Perdices, J. E. L. de Vergara, I. González, and L. de Pedro, “Web browsing privacy in the deep learning era: Beyond VPNs and encryption,” Computer Networks, vol. 220, pp. 109471, 2023.
H. Ran, W. Li, L. Li, S. Tian, X. Ning, and P. Tiwari, “Learning optimal inter-class margin adaptively for few-shot class-incremental learning via neural collapse-based meta-learning,” Information Processing & Management, vol. 61, no. 3, pp. 103664, 2024.
H. Zhang, C. Wang, L. Yu, S. Tian, X. Ning, and J. Rodrigues, “Pointgt: A method for point-cloud classification and segmentation based on local geometric transformation,” IEEE Transactions on Multimedia, 2024.
M. T. Muslihi, and D. Alghazzawi, “Detecting SQL injection on web application using deep learning techniques: a systematic literature review.” pp. 1–6.
Y. Zhou, Z. Wang, S. Zheng, L. Zhou, L. Dai, H. Luo, Z. Zhang, and M. Sui, “Optimization of automated garbage recognition model based on resnet-50 and weakly supervised cnn for sustainable urban development,” Alexandria Engineering Journal, vol. 108, pp. 415–427, 2024.
P. Yang, G. Zhao, and P. Zeng, “Phishing website detection based on multidimensional features driven by deep learning,” IEEE access, vol. 7, pp. 15196–15209, 2019.
H. Alkahtani, and T. H. Aldhyani, “Developing cybersecurity systems based on machine learning and deep learning algorithms for protecting food security systems: industrial control systems,” Electronics, vol. 11, no. 11, pp. 1717, 2022.
Y.-H. Choi, P. Liu, Z. Shang, H. Wang, Z. Wang, L. Zhang, J. Zhou, and Q. Zou, “Using deep learning to solve computer security challenges: a survey,” Cybersecurity, vol. 3, pp. 1–32, 2020.
R. Geetha, and T. Thilagam, “A review on the effectiveness of machine learning and deep learning algorithms for cyber security,” Archives of Computational Methods in Engineering, vol. 28, no. 4, pp. 2861–2879, 2021.
L. Zeng, “The Influence of Knowledge Worker Salary Satisfaction on Employee Job Performance,” Journal of Organizational and End User Computing (JOEUC), vol. 35, no. 1, pp. 1–17, 2023.
L. Lakshmi, M. P. Reddy, C. Santhaiah, and U. J. Reddy, “Smart phishing detection in web pages using supervised deep learning classification and optimization technique ADAM,” Wireless Personal Communications, vol. 118, no. 4, pp. 3549–3564, 2021.
J. Saxe, R. Harang, C. Wild, and H. Sanders, “A deep learning approach to fast, format-agnostic detection of malicious web content.” pp. 8–14.
A. Gaurav, B. B. Gupta, C.-H. Hsu, D. Perakoviæ, and F. J. G. Peñalvo, “Deep learning based approach for secure Web of Things (WoT).” pp. 1–6.
Y. Li, and Z. Li, “Research on monitoring method of stock market systematic crash based on market transaction data,” Journal of Organizational and End User Computing (JOEUC), vol. 35, no. 1, pp. 1–17, 2023.
D. Chen, P. Wawrzynski, and Z. Lv, “Cyber security in smart cities: a review of deep learning-based applications and case studies,” Sustainable Cities and Society, vol. 66, pp. 102655, 2021.
N.-H. Nguyen, V.-H. Le, V.-O. Phung, and P.-H. Du, “Toward a deep learning approach for detecting php webshell.” pp. 514–521.
G. Apruzzese, M. Colajanni, L. Ferretti, A. Guido, and M. Marchetti, “On the effectiveness of machine and deep learning for cyber security.” pp. 371–390.
P. Abinaya, and S. J. Kumar, “Assured and provable data expuncturing in cloud using ciphertext policy-attribute based encryption (CP-ABE),” CYBERNETICS AND SYSTEMS, vol. 55, no. 4, pp. 786–803, 2024.
Y. Shen, E. Mariconti, P. A. Vervier, and G. Stringhini, “Tiresias: Predicting security events through deep learning.” pp. 592–605.
A. Thakkar, and R. Lohiya, “A review on machine learning and deep learning perspectives of IDS for IoT: recent updates, security issues, and challenges,” Archives of Computational Methods in Engineering, vol. 28, no. 4, pp. 3211–3243, 2021.
S. Karthikeyan, and K. Lakshmi, “FPGA Based Integrated Control of Brushless DC Motor for Renewable Energy Storage System,” CYBERNETICS AND SYSTEMS, 2023.
Y. E. Seyyar, A. G. Yavuz, and H. M. Ünver, “An attack detection framework based on BERT and deep learning,” IEEE Access, vol. 10, pp. 68633–68644, 2022.
X. Wang, S. Wang, P. Feng, K. Sun, S. Jajodia, S. Benchaaboun, and F. Geck, “Patchrnn: A deep learning-based system for security patch identification.” pp. 595–600.
F. Y. Yavuz, “Deep learning in cyber security for internet of things,” Fen Bilimleri Enstitüsü, 2018.
T. M. Masenya, “Digital Transformation of Medical Libraries: Positioning and Pioneering Electronic Health Record Systems in South Africa,” International Journal of E-Health and Medical Communications (IJEHMC), vol. 15, no. 1, pp. 1–13, 2024.
A. Fidalgo, I. Medeiros, P. Antunes, and N. Neves, “Towards a deep learning model for vulnerability detection on web application variants.” pp. 465–476.
K. Ravikumar, P. Chiranjeevi, N. M. Devarajan, C. Kaur, and A. I. Taloba, “Challenges in internet of things towards the security using deep learning techniques,” Measurement: Sensors, vol. 24, pp. 100473, 2022.
