Web Based Anomaly Detection Using Zero-Shot Learning With CNN

Dilek Yilmazer Demirel*, Mehmet Tahir Sandikkaya

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)

Abstract

In recent years, attacks targeting websites have become a persistent threat. Therefore, web application security has become a significant issue. Dealing with unbalanced data is the biggest obstacle to providing security for web applications since there are fewer malicious requests despite a large number of benign requests. This paper suggests a novel Zero-Shot Learning method employing a Convolutional Neural Network (ZSL-CNN) to address unbalanced data problem and high false positive rates. This approach uses only benign data during training while predicting unseen malicious requests. Five web request datasets are used for validation on a diverse set of samples. The first dataset is a novel dataset containing Internet banking web request logs provided by Yapi Kredi Teknoloji. Other datasets are (i) an open-source WAF dataset, (ii) CSIC 2010 HTTP dataset, (iii) HTTP Params 2015 dataset, and (iv) a hybrid dataset. URIs are extracted from these datasets and fed to the ZSL-CNN model after code embedding. The same datasets are tested using other well-known models such as Isolation Forest, Autoencoder, Denoising Autoencoder with Dropout, and One-Class SVM. As per the comparison of the outcomes, it is seen that true positive rate of ZSL-CNN model is the greatest, reaching 99.29%.

Original languageEnglish
Pages (from-to)91511-91525
Number of pages15
JournalIEEE Access
Volume11
DOIs
Publication statusPublished - 2023

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • CNN
  • Zero-shot learning
  • anomaly detection
  • attack detection
  • web attacks

Fingerprint

Dive into the research topics of 'Web Based Anomaly Detection Using Zero-Shot Learning With CNN'. Together they form a unique fingerprint.

Cite this