A Novel Data Augmentation Technique and Deep Learning Model for Web Application Security


KARACAN H., SEVRİ M.

IEEE ACCESS, vol.9, pp.150781-150797, 2021 (Peer-Reviewed Journal) identifier identifier

  • Publication Type: Article / Article
  • Volume: 9
  • Publication Date: 2021
  • Doi Number: 10.1109/access.2021.3125785
  • Journal Name: IEEE ACCESS
  • Journal Indexes: Science Citation Index Expanded, Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Page Numbers: pp.150781-150797
  • Keywords: Feature extraction, Security, Deep learning, Payloads, Uniform resource locators, Mathematical models, Machine learning algorithms, Web security, anomaly detection, deep learning, Bi-LSTM, data augmentation, INJECTION ATTACKS, CLASSIFICATION

Abstract

Web applications are often exposed to attacks because of the critical information and valuable assets they host. In this study, Bi-LSTM based web application security models were developed in order to detect web attacks and classify them into binary or multiple classes using HTTP requests. A novel data augmentation technique based on the self-adapting noise adding method (DA-SANA) was developed. The DA-SANA method solves the low sensitivity problem caused by imbalanced data and the complex structure of multi-class classification in web attack detection. Experimental evaluations are carried out in detail using two benchmark web security datasets and a newly created dataset within the scope of the study. The achieved worst case detection rates are 98.34% and 93.91% for binary-class and multi-class classifications, respectively. The proposed DA-SANA technique provides an average of 6.52% improvement in multi-class classification for two datasets. These results revealed that the best classification performance values were achieved when compared with previous studies.