%0 Conference Paper
%A Mac, Hieu
%A Truong, Dung
%A Nguyen, Lam
%A Nguyen, Ngoc Hoa
%A Tran, Hai Anh
%A Tran, Quang Duc
%B The Ninth International Symposium on Information and Communication Technology (SoICT 2018)
%C Da Nang
%D 2018
%F SisLab:3166
%T Detecting Atacks on Web Applications using Autoencoder
%U https://eprints.uet.vnu.edu.vn/eprints/id/eprint/3166/
%X Web attacks have become a real threat to the Internet. This paper proposes the use of autoencoder to detect malicious pattern in the HTTP/HTTPS requests. The autoencoder is able to operate on the raw data and thus, does not require the hand-crafted features to be extracted. We evaluate the original autoencoder and its variants and end up with the Regularized Deep Autoencoder, which can achieve an F1-score of 0.9463 on the CSIC 2010 dataset. It also produces a better performance with respect to OWASP Core Rule Set and other one-class methods, reported in the literature. The Regularized Deep Autoencoder is then combined with Modsecurity in order to protect a website in real time. This algorithm proves to be comparable to the original Modsecurity in terms of computation time and is ready to be deployed in practice.