W2R: an ensemble Anomaly detection model inspired by language models for web application firewalls security
Halmstad University, School of Information Technology.
Halmstad University, School of Information Technology.
2023 (English). Independent thesis, Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits. Student thesis
Abstract [en]

Nowadays, web application attacks have increased tremendously due to the large number of users and applications. Industries are therefore paying more attention to using web application firewalls (WAFs), which act as a shield between the app and the internet by filtering and monitoring HTTP traffic, and to improving their security. Most works focus on either traditional feature extraction or deep methods that require no feature extraction. We noticed that a combination of an unsupervised language model and a classic dimension reduction method is less explored for this problem. Inspired by this gap, we propose a new unsupervised anomaly detection model with better results than the existing state-of-the-art model for anomaly detection in WAF security. This paper explores WAF security using the following structure: 1) feature extraction from HTTP traffic packets using NLP (natural language processing) methods such as word2vec and BERT; 2) dimension reduction by PCA and autoencoder; and 3) different types of anomaly detection techniques, including OCSVM, isolation forest, LOF and a combination of these algorithms, to explore how these methods affect results. We used the CSIC 2010 and ECML/PKDD 2007 datasets in this paper, and the model has better results.

Place, publisher, year, edition, pages
2023. p. 41
Keywords [en]
web application firewall, anomaly detection, word2vec, BERT, dimension reduction, ensemble model
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hh:diva-50921
OAI: oai:DiVA.org:hh-50921
DiVA, id: diva2:1772725
Subject / course
Digital Forensics
Educational program
Master's Programme in Network Forensics, 60 credits
Supervisors
Examiners
Available from: 2023-06-07. Created: 2023-06-21. Last updated: 2023-06-27. Bibliographically approved.

Open Access in DiVA

fulltext (700 kB), 210 downloads
File information
File name: FULLTEXT02.pdf
File size: 700 kB
Checksum SHA-512:
f2e28f8f7cb8a595c4fb959989457b544a420e83950f0f82cd93370fa1a9928d8d8e4d032a5b9f0977b75ccf0b19890d6af9c8260ba85ba34671176e9c479310
Type: fulltext
Mimetype: application/pdf
