DETECTING WEB ATTACKS WITH END TO END DEEP LEARNING

Abstract

Due to their network accessibility and frequent weaknesses, web applications are common targets for cyber-attacks. When a hacking attempt is discovered, a system for intrusion detection monitors online applications and sends out alerts. Intrusion detection systems that are now in use often take features from input strings or network packets that are carefully chosen to be pertinent to attack analysis. However, picking characteristics manually takes a lot of time and requires in-depth understanding of the security area. Furthermore, in order for supervised learning algorithms to differentiate between normal and aberrant behaviours, they require a significant amount of labelled legitimate or attack request data, which is frequently prohibitively expensive for use in production web services. This work adds three new insights to the field on autonomic intrusion detection systems research. Using the Robust Software Modelling Tool (RSMT), which autonomously monitors and characterises the runtime behaviour of web applications, as a basis, we first assess the viability of an unsupervised/semi-supervised strategy for web attack detection. In the second section, we walk through how RSMT trains a stacked blurring auto encoder to encode as well as reconstruct a call graph for end-to-end deep learning. The reconstruction error of the request data is computed to identify anomalies using a low-dimensional representation of the feature set with unlabelled sample data. The findings of our empirical testing of RSMT on purposefully vulnerable production applications as well as artificial datasets are examined in our third section. According to our findings, the suggested method requires little domain expertise and a little amount of labelled training data in order to effectively and accurately detect attacks such as SQL injection, cross-site scripting, and deserialization.