Web Application Attack Detection using Deep Learning (2011.03181v1)

Abstract: Modern web applications are dominated by HTTP/HTTPS messages that consist of one or more headers, where most of the exploits and payloads can be injected by attackers. According to the OWASP, the 80 percent of the web attacks are done through HTTP/HTTPS requests queries. In this paper, we present a deep learning based web application attacks detection model. The model uses auto-encoder that can learn from the sequences of word and weight each word or character according to them. The classification engine is trained on ECML-KDD dataset for classification of anomaly queries with respect to specific attack type. The proposed web application detection engine is trained with anomaly and benign web queries to achieve the accuracy of receiver operating characteristic curve of 1. The experimental results show that the proposed model can detect web applications attack successfully with low false positive rate.