%A Hieu Mac
%A Dung Truong
%A Lam Nguyen
%A Ngoc Hoa Nguyen
%A Hai Anh Tran
%A Quang Duc Tran
%T Detecting Atacks on Web Applications using Autoencoder
%X Web attacks have become a real threat to the Internet. This paper proposes the use of autoencoder to detect malicious pattern in the HTTP/HTTPS requests. The autoencoder is able to operate on the raw data and thus, does not require the hand-crafted features to be extracted. We evaluate the original autoencoder and its variants and end up with the Regularized Deep Autoencoder, which can achieve an F1-score of 0.9463 on the CSIC 2010 dataset. It also produces a better performance with respect to OWASP Core Rule Set and other one-class methods, reported in the literature. The Regularized Deep Autoencoder is then combined with Modsecurity in order to protect a website in real time. This algorithm proves to be comparable to the original Modsecurity in terms of computation time and is ready to be deployed in practice.
%C Da Nang
%D 2018
%L SisLab3166