Malicious Requests Detection with Improved Bidirectional Long Short-term Memory Neural Networks

Detecting and intercepting malicious requests are one of the most widely used ways against attacks in the network security. Most existing detecting approaches, including matching blacklist characters and machine learning algorithms have all shown to be vulnerable to sophisticated attacks. To address the above issues, a more general and rigorous detection method is required. In this paper, we formulate the problem of detecting malicious requests as a temporal sequence classification problem, and propose a novel deep learning model namely Convolutional Neural Network-Bidirectional Long Short-term Memory-Convolutional Neural Network (CNN-BiLSTM-CNN). By connecting the shadow and deep feature maps of the convolutional layers, the malicious feature extracting ability is improved on more detailed functionality. Experimental results on HTTP dataset CSIC 2010 have demonstrated the effectiveness of the proposed method when compared with the state-of-the-arts.
Comment: Mistakes occupy in the experimental results thus was rejected by ICICS. For preciseness we have to withdraw the paper. The experimental results are self-contradictory. The results of RNN-IDS in Table 1. FPR = 100% = FP/(FP+TN), so TN should be 0. recall = 100% = TP/(TP+FN), so FN should be 0. Therefore, precision=TP/(TP+FP)=50%, given that FP=TP. But table 1 shows that precision is 0.6967