Web attacks detection using stacked generalization ensemble for LSTMs and word embedding

Abstract

Web-based applications are prone to many web security attacks because they are openly-accessible and convenient. Most techniques used to prevent web attacks have some limitations; they cannot detect zero-day attacks and cannot analyze complex attacks, and should be maintained and updated regularly by security experts. Recently, there have been more research work on using deep learning for detecting web intrusions. Moreover, since most high risk web attacks are injected into HTTP web requests, detecting most web attacks needs classifying HTTP web requests into normal and anomalous. In this paper, we propose an approach based on Word2vec embedding and a stacked generalization ensemble model for LSTMs to detect malicious HTTP web requests. We evaluate our classification model performance using the HTTP CSIC 2010 dataset. We show that the combination of different word-level embeddings in a stacked generalization ensemble model for LSTMs has good performance both in terms of classification metrics and training time.