Web-APT-Detect: A Framework For Web-Based Advanced Persistent Threat Detection Using Self-Translation Machine With Attention
Liu Yan, Jay Xiong
Abstract
With more and more companies providing online services through the Internet, Web applications have been targeted by hackers. Although the existing signature-based Web Application Firewall (WAF) can well defend against known attack methods against Web applications, it is vulnerable to Web Advanced Persistent Threat (APT) using a large number of unknown Web attack methods to attack online services. In an effort to combat Web-based APT, we propose an unsupervised anomaly detection algorithm, Web-APT-Detect (WAD), which implements self-translation machine through an encoder-decoder using attention mechanism. Our attention mechanisms can improve the quality of self-translation machine used to detect malicious patterns in HTTP requests. Through experiments on the CSIC 2010 dataset, the F1-Score of our algorithm reaches 0.9844, which surpasses the known unsupervised algorithm and reaches the same level as the state-of-the-art supervised algorithm.