Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism

Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various methods of machine learning have been presented in recent years. Since malicious web requests have more delicate distinction than normal requests, these methods have failed to exhibit a good accuracy in new attack detection. This paper presents a new method for web attack detection using seq2seq networks using attention. The results show that this method could predict the possible responses and use the difference from the real responses of the server to model the normal traffic. Thereby, it could use the similarity measure to discriminate between normal and anomalous traffic. The highest accuracy of this method versus similar methods shows that the use of attention mechanism can cope with the challenge of studying long web requests to a great extent.