Enhancing Web Application Security: A Deep Learning and NLP-based Approach for Accurate Attack Detection

Abstract

Abstract— Nowadays, web attacks have become more complicated, leading to the difficulty of traditional web application firewalls (WAFs) in recognizing those threats, especially when dealing with new attacks. Hence, machine learning/deep learning (ML/DL) approaches have been applied to the field of web attack detection with proven success. However, most existing ML/DL-based web attack detectors focus on a specific type of attack due to the difference in the payload of various attacks, which sets a border to the capability of those solutions in detecting new attack types. In this paper, we propose a novel DL-based solution for web attack detection, named DL-WAD, leveraging deep learning and natural language processing techniques. Moreover, DL-WAD is designed with a data preprocessing mechanism aimed at differentiating between regular web requests and malicious ones that carry attack payloads encompassing multiple types of web attacks. The experiment results indicate the effectiveness of our solution in protecting the target web services from a wide range of attacks with high accuracy.