Malicious Web Request Detection Using Character-Level CNN

摘要

Web parameter injection attacks are common and have put a great threat to the security of web applications. In this kind of attacks, malicious attackers can employ HTTP requests to implement attacks against servers by injecting some malicious codes into the parameters of the HTTP requests. Against the web parameter injection attacks, most of the existing Web Intrusion Detection Systems (WIDS) cannot find unknown new attacks and have a high false positive rate (FPR), since they lack the ability of re-learning and rarely pay attention to the intrinsic relationship between the characters. In this paper, we propose a malicious requests detection system with re-learning ability based on an improved convolution neural network (CNN) model. We add a character-level embedding layer before the convolution layer, which makes our model able to learn the intrinsic relationship between the characters of the request parameters. Further, we modify the filters of CNN and the modified filters can extract the fine-grained features of the request parameters. The test results demonstrate that our model has lower FPR compared with support vector machine (SVM) and random forest (RF).