A Novel Data Augmentation Technique and Deep Learning Model for Web Application Security

KARACAN H., SEVRİ M.

IEEE ACCESS, cilt.9, ss.150781-150797, 2021 (SCI-Expanded) identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 9
  • Basım Tarihi: 2021
  • Doi Numarası: 10.1109/access.2021.3125785
  • Dergi Adı: IEEE ACCESS
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Sayfa Sayıları: ss.150781-150797
  • Anahtar Kelimeler: Feature extraction, Security, Deep learning, Payloads, Uniform resource locators, Mathematical models, Machine learning algorithms, Web security, anomaly detection, deep learning, Bi-LSTM, data augmentation, INJECTION ATTACKS, CLASSIFICATION
  • Gazi Üniversitesi Adresli: Evet

Özet

Web applications are often exposed to attacks because of the critical information and valuable assets they host. In this study, Bi-LSTM based web application security models were developed in order to detect web attacks and classify them into binary or multiple classes using HTTP requests. A novel data augmentation technique based on the self-adapting noise adding method (DA-SANA) was developed. The DA-SANA method solves the low sensitivity problem caused by imbalanced data and the complex structure of multi-class classification in web attack detection. Experimental evaluations are carried out in detail using two benchmark web security datasets and a newly created dataset within the scope of the study. The achieved worst case detection rates are 98.34% and 93.91% for binary-class and multi-class classifications, respectively. The proposed DA-SANA technique provides an average of 6.52% improvement in multi-class classification for two datasets. These results revealed that the best classification performance values were achieved when compared with previous studies.