MC-MLDCNN: Multichannel Multilayer Dilated Convolutional Neural Networks for Web Attack Detection

Abstract

The explosive growth of web-based technology has led to an increase in sophisticated and complex attacks that target web applications. To protect against this growing threat, a reliable web attack detection methodology is essential. This research aims to provide a method that can detect web attacks accurately. A character-level multichannel multilayer dilated convolutional neural network (MC-MLDCNN) is proposed to identify web attacks accurately. The model receives the full text of HTTP requests as inputs. Character-level embedding is applied to embed HTTP requests to the model. Therefore, feature extraction is carried out automatically by the model, and no additional effort is required. This approach significantly simplifies the preprocessing phase. The methodology consists of multichannel dilated convolutional neural network blocks with various kernel sizes. Each channel involves several layers with exponentially increasing dilation sizes. Through the integration of multichannel and multilayer dilated convolutional neural networks, the model can efficiently capture the temporal relation and dependence of character granularity of HTTP requests at different scales and levels. As a result, the structure enables the model to easily capture dependencies over extended and long sequences of HTTP requests and consequently identify attacks accurately. The outcomes of the experiments carried out on the CSIC 2010 dataset show that the proposed model outperforms several state-of-the-art deep learning-based models in the literature and some traditional deep learning models by identifying web attacks with a precision score of 99.65%, a recall score of 98.80%, an $F_1$ score of 99.22%, and an accuracy score of 99.36%. A useful web attack detection system must be able to balance accurate attack identification with minimizing false positives (identifying normal requests as attacks). The success of the model in recognizing normal requests is further evaluated to guarantee increased security without sacrificing web applications’ usability and availability.