Search : [ author: 박승영 ] (4)

CNN-based Reduced Complexity Decision Confidence Estimation for Imbalanced Web Application Attack Detection

Seungyoung Park, Hansung Kim, Taejoon Jung

http://doi.org/10.5626/JOK.2020.47.9.842

As web application attacks have been rapidly increasing and their types have diversified, existing schemes are limited in their ability to detect them. To resolve this problem, detection techniques using machine learning, such as the convolutional neural network (CNN), have been proposed. However, the confidence these techniques assign to decision error samples has been unreliable. To estimate more reliable decision confidence, the Monte-Carlo batch normalization (MCBN) technique combined with the CNN has been proposed. In particular, the CNN performs multiple decisions on a given evaluation sample using multiple mini-batches containing it. Then, its decision confidence estimate is obtained by averaging the multiple decision results. However, this requires too large a computational load. The reason is that, when the mini-batch size is M, each mini-batch comprises (M-1) randomly selected training samples and only one evaluation sample. In this paper, we propose a reduced complexity decision confidence estimation scheme for imbalanced web application attack detection. Specifically, the proposed scheme reduces the computational load by up to M times compared to the MCBN scheme. Also, in the estimation process, the ratio of normal and attack samples in the mini-batch should be kept the same as in the training process. To achieve this, we found which class size was small by performing a temporal decision on the evaluation samples. Then, the small class was over-sampled using the training samples to maintain the ratio. Our experimental results showed that the performance improved, and the reliability estimation performance was not significantly degraded compared to the MCBN scheme.

ESS Operation Scheduling Scheme Using LSTM for Peak Demand Reduction

Yeongung Seo, Seungyoung Park, Myungjin Kim, Sungbin Lim

http://doi.org/10.5626/JOK.2019.46.11.1165

In recent years, blackouts have become more likely in South Korea as the peak demand has sharply increased. To address this issue, an energy storage system (ESS) operation scheduling technique has been investigated for its ability to reduce the peak demand by utilizing the power stored in the ESS. If the power demand information is known in advance, an optimal ESS operation scheduling technique can be applied in consideration of both the power stored in the ESS and the power demand to be generated in the future. However, it is difficult to predict the peak demand in advance because it only occurs in a relatively short time period, and the instance of its occurrence differs substantially from day to day. Therefore, it is very difficult to implement an optimal ESS operation scheduling technique that requires exact information on power demands in advance. Thus, in this paper, we proposed an ESS operation scheduling method that reduces the peak demand by using only historical power demands. Specifically, we employed a long short-term memory (LSTM) network and trained it using the historical power demands and their corresponding optimal ESS discharge powers. Then, we applied the trained network to approximate the optimal ESS operation scheduling. We showed the validity of the proposed method through computer simulations using historical power demand data from four customers. In particular, it was shown that the proposed scheme reduced the peak demand per year by up to about 82.42% compared to the optimal scheme that is only feasible when the exact future power demands are available.

Web Application Attack Detection Scheme Using Convolutional Neural Networks

Yeongung Seo, Myungjin Kim, Seungyoung Park, Seokwoo Lee

http://doi.org/10.5626/JOK.2018.45.7.744

Because rates of web application attacks are rapidly increasing, web application attack detection schemes using machine learning have recently become of interest. Existing schemes, however, require the selection of a suitable set of features representing the characteristics of expected attacks, and this set of features needs to be adjusted every time a new type of attack is discovered. In this paper, we propose a web application attack detection scheme employing a convolutional neural network (CNN) without the need to select any features in advance. Specifically, the CNN is trained in a supervised manner with images transformed from hexadecimally converted characters in HTTP traffic, without any restriction in the input characters used. Our experimental results show that the proposed scheme improves detection error rate performance by up to 84.4% over existing schemes.

HTTP Request - SQL Query Mapping Scheme for Malicious SQL Query Detection in Multitier Web Applications

Yeongung Seo, Seungyoung Park

http://doi.org/

The continuously growing internet service requirements have resulted in a multitier system structure consisting of a web server and a database (DB) server. In this multitier structure, the existing intrusion detection system (IDS) detects known attacks by matching misused traffic patterns or signatures. However, a malicious change to the contents at the DB server made through hypertext transfer protocol (HTTP) requests cannot be detected by the IDS at the DB server's end, since the DB server processes structured query language (SQL) without knowing the associated HTTP, while the web server cannot identify the response associated with the attacker's SQL query. To detect these types of attacks, the malicious user is tracked using knowledge of the interaction between HTTP request and SQL query. However, this is a practical challenge because it requires analysis of the system's source code and a complete understanding of its application logic. In this study, we proposed a scheme to find the HTTP request associated with a given SQL query using only system log files. We first generated an HTTP request-SQL query map from system log files alone. Subsequently, the HTTP request associated with a given SQL query was identified among a set of HTTP requests using this map. Computer simulations indicated that the proposed scheme finds the HTTP request associated with a given SQL query with 94% accuracy.


Journal of KIISE

  • ISSN : 2383-630X(Print)
  • ISSN : 2383-6296(Electronic)
  • KCI Accredited Journal

Editorial Office

  • Tel. +82-2-588-9240
  • Fax. +82-2-521-1352
  • E-mail. chwoo@kiise.or.kr