relation: https://eprints.uet.vnu.edu.vn/eprints/id/eprint/3166/
title: Detecting Atacks on Web Applications using Autoencoder
creator: Mac, Hieu
creator: Truong, Dung
creator: Nguyen, Lam
creator: Nguyen, Ngoc Hoa
creator: Tran, Hai Anh
creator: Tran, Quang Duc
subject: Information Technology (IT)
description: Web attacks have become a real threat to the Internet. This paper proposes the use of autoencoder to detect malicious pattern in the HTTP/HTTPS requests. The autoencoder is able to operate on the raw data and thus, does not require the hand-crafted features to be extracted. We evaluate the original autoencoder and its variants and end up with the Regularized Deep Autoencoder, which can achieve an F1-score of 0.9463 on the CSIC 2010 dataset. It also produces a better performance with respect to OWASP Core Rule Set and other one-class methods, reported in the literature. The Regularized Deep Autoencoder is then combined with Modsecurity in order to protect a website in real time. This algorithm proves to be comparable to the original Modsecurity in terms of computation time and is ready to be deployed in practice.
date: 2018-12
type: Conference or Workshop Item
type: NonPeerReviewed
identifier:   Mac, Hieu and Truong, Dung and Nguyen, Lam and Nguyen, Ngoc Hoa and Tran, Hai Anh and Tran, Quang Duc  (2018) Detecting Atacks on Web Applications using Autoencoder.  In: The Ninth International Symposium on Information and Communication Technology (SoICT 2018), 6-7 December 2018, Da Nang.    (In Press)