Improving Website Intrusion Detection Using Similarity Search Vector and Deep Learning Model
Keywords:
Intrusion Detection System, Deep Learning, Similarity Search, Web Attack
Abstract
Cyberspace threats are one of the significant issues that information technology based organizations have to deal with. Security attacks generally aim to gain unauthorized access to critical data in information systems and then modify, expose, or use it. Signature-based IDS schemes cannot detect new attacks whose pattern and signature are unknown. On the other hand, anomaly-based IDS approaches attempt to learn normal behavior and flag everything else as an anomaly or intrusion. Nonetheless, they suffer from a false positive problem that restricts their application. This work shows how to use similarity search as a service to improve the detection of rare events. The datasets used consist of benign (normal) network traffic and malicious traffic generated from several different network attacks. The author focused on web attacks only. The web attack category consists of three common attacks: cross-site scripting (Brute Force-XSS), SQL injection (SQL-Injection), and brute forcing of administrative and user passwords (Brute Force-Web). As a result, accuracy for detecting website attacks increased from 29% to 58%. Overall, the accuracy on the data that was used as a similarity search vector increased from 87.1% to 92.3%.
