A Novel Data Augmentation Technique and Deep Learning Model for Web Application Security

Abstract

Web applications are often exposed to attacks because of the critical information and valuable assets they host. In this study, Bi-LSTM based web application security models were developed in order to detect web attacks and classify them into binary or multiple classes using HTTP requests. A novel data augmentation technique based on the self-adapting noise adding method (DA-SANA) was developed. The DA-SANA method solves the low sensitivity problem caused by imbalanced data and the complex structure of multi-class classification in web attack detection. Experimental evaluations are carried out in detail using two benchmark web security datasets and a newly created dataset within the scope of the study. The achieved worst case detection rates are 98.34% and 93.91% for binary-class and multi-class classifications, respectively. The proposed DA-SANA technique provides an average of 6.52% improvement in multi-class classification for two datasets. These results revealed that the best classification performance values were achieved when compared with previous studies.