Deep-Learning Based Injection Attacks Detection Method for HTTP

Chunhui Zhao, Shuaijie Si, Tengfei Tu, Yijie Shi and Sujuan Qin ()
Additional contact information
Chunhui Zhao: State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
Shuaijie Si: State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
Tengfei Tu: State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
Yijie Shi: State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
Sujuan Qin: State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

Mathematics, 2022, vol. 10, issue 16, 1-17

Abstract: In the context of the new era of high digitization and informatization, the emergence of the internet and artificial intelligence technologies has profoundly changed people’s lifestyles. The traditional cyber attack detection has become increasingly weak in the context of the increasingly complex network environment in the new era, and deep learning technology has begun to play a significant role in the field of network security. There are many kinds of attacks against web applications, which are very harmful, including SQL (Structured Query Language) injection, XSS (Cross-Site Scripting), and command injection. Based on the detection of SQL injection and XSS attacks, this paper combines the detection of command injection attacks, which are also very harmful, and proposes a multi-classification detection method for web injection attacks. We extract features in the URL (Uniform Resource Locator) and request body of HTTP (Hyper Text Transfer Protocol) requests and combine deep learning technology to build a multi-classification model for injection attacks. Firstly, aiming at the problem of imbalanced distribution of training samples and low detection accuracy of command injection attack, a sample generation method is proposed. The experimental results show that the proposed method ensures a higher detection rate of command injection attacks and lower false alarms. Secondly, we propose a more expressive feature fusion model, which effectively combines the features extracted by deep learning with the discrete features extracted manually. The experimental results show that the feature fusion model proposed in this work is more effective compared with a single deep learning model. The accuracy of the model is improved by about 1%.

Keywords: cyber attacks; command injection; deep learning; cyber security; feature fusion; sample generation (search for similar items in EconPapers)
JEL-codes: C (search for similar items in EconPapers)
Date: 2022
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/2227-7390/10/16/2914/pdf (application/pdf)
https://www.mdpi.com/2227-7390/10/16/2914/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:10:y:2022:i:16:p:2914-:d:887279

Access Statistics for this article

Mathematics is currently edited by Ms. Emma He

More articles in Mathematics from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().