Research Article

MC-MLDCNN: Multichannel Multilayer Dilated Convolutional Neural Networks for Web Attack Detection

Table 1

Summary of the related work.

| Study | Architecture | Dataset | Remarks | Attack type | Performance |
| --- | --- | --- | --- | --- | --- |
| Mehta et al. [28] | Logistic regression, random forest, SVM, and more | Self-collected | Evaluation of supervised/unsupervised ML algorithms (logistic regression achieves the best performance) | SQL injection | Acc: 93.21, Rcll: 77.38, Prec: 100 |
| Louk and Tama [29] | Bagging ensemble of gradient boosting decision trees | HIKARI-2021, NSL-KDD, UNSW-NB15 | Bagging ensemble of GBM performs the best | Intrusion detection | Acc: 91.57, Rcll: 86.18, Prec: 98.67, F1: 91.50 |
| Althubiti et al. [30] | LSTM | CSIC 2010 | Manual feature extraction is applied | Intrusion detection | Acc: 99.97, Rcll: 99.50, Prec: 99.50 |
| Yin et al. [32] | RNN | NSL-KDD | Feature extraction is performed automatically | Intrusion detection | Acc: 81.29 |
| Xing et al. [33] | LSTM + bidirectional RNN | Real-world datasets | Feature extraction is performed automatically | Cyberattack rate | MSE: 3,628,266, MAD: 463.2715, PMAD: 0.012, MAPE: 0.013 |
| Kasim [34] | Sparse autoencoder + principal component analysis + light gradient boosted machine | ISCX-URL | Sparse autoencoder + principal component analysis are applied for feature learning; the light gradient boosted machine is used for feature selection and classification | Phishing attacks | Acc: 99.6, F1: 99.58, FPR: 0.001 |
| Dawadi et al. [35] | Layered LSTM | Self-collected | Manual feature extraction is performed by analyzing attack-indicator features of the ISCX IDS 2012, CIC DDoS 2019, and CSIC 2010 datasets | DDoS attack, XSS, and SQL injection | Acc (DDoS): 97.57, Acc (XSS/SQL): 89.34 |
| Hao et al. [36] | Bi-LSTM | CSIC 2010 | Word2vec is applied for feature representation | Web attack | Acc: 98.35, Rcll: 98.17, Prec: 99.00, F1: 98.58, FPR: 0.014 |
| Alaoui and Nfaoui [38] | Ensemble of LSTMs | CSIC 2010 | Word2vec is applied for feature representation | Web attack | Acc: 78.95, Rcll: 78.41, Prec: 81.54, F1: 77.57 |
| Zhang et al. [39] | CNN | CSIC 2010 | Word-level embedding is applied | Web attack | Acc: 93.35, Rcll: 96.49, FPR: 0.0137 |
| Tian et al. [40] | M-ResNet + FastText | CSIC 2010, FWAF, HttpParams dataset | Concatenation of Word2vec and TF-IDF is used for feature vectors; M-ResNet is applied for feature discrimination; classification is performed with a FastText classifier | Web attack | Acc: 99.41, Rcll: 98.91, DRN: 99.55, F1: 77.57 |
| Luo et al. [43] | Ensemble of M-ResNets, LSTM, and CNN | CSIC 2010, real-world dataset | Concatenation of Word2vec and TF-IDF is used for feature representation | Web attack | Acc: 99.47, Rcll: 99.29, Prec: 99.70, FPR: 0.0033 |
| Rong et al. [44] | CNN | Self-collected | Character-level embedding is applied | Injection attacks | Prec: 100, Rcll: 99.7, FPR: 0.0002 |
| Odumuyiwa and Chibueze [45] | CNN | ECML/PKDD 2007, CSIC 2010 | Character-level embedding is applied | HTTP injection attacks | Acc: 96.39, Prec: 98.83, Rcll: 95.00, F1: 97.00, FPR: 0.020 |
| Saxe and Berlin [3] | CNN | Self-collected | Character-level embedding is applied | Malicious URLs, paths, registry keys | AUC (URL): 99.30, AUC (file path): 97.80, AUC (registry keys): 99.20 |
| Gong et al. [19] | CNN + LSTM | CSIC 2010 | Character-level embedding is applied | Web attack | Acc: 97.79, Prec: 98.54, Rcll: 96.04, F1: 97.27 |
| Jemal et al. [2] | CNN + LSTM | CSIC 2010 | ASCII-level embedding is applied | Web attack | Acc: 99.25, Prec: 97.73, Rcll: 99.35, F1: 98.53 |
| Vinayakumar et al. [46] | CNN, RNN, LSTM, CNN-LSTM, and more | Self-collected | Character-level embedding is applied; the most effective models are LSTM and CNN-LSTM | Malicious URL | Acc (LSTM): 99.95, AUC (LSTM): 99.99, Acc (CNN-LSTM): 99.96, AUC (CNN-LSTM): 99.99 |
| Hung et al. [47] | CNN | Self-collected | Character-level and word-level embeddings are used | Malicious URL | AUC: 99.29 |
| Kasim [48] | Autoencoder + SVM | CICIDS, NSL-KDD, virtual DDoS attack traffic | Autoencoder is used for feature learning and dimensionality reduction; SVM is used for classification | DDoS attack | Acc: 99.41, Prec: 99.66, Rcll: 99.67, F1: 99.67 |
| Yi et al. [49] | Autoencoders, restricted Boltzmann machine, deep belief networks, CNN, and more | Datasets used in the literature | Review of deep learning approaches; covers feature representation, model training, model robustness enhancement techniques, and open problems and challenges | Network attacks | N/A |
| Pillai and Sharma [50] | Stacked autoencoder (SAE) + denoising autoencoder (DAE) + generative adversarial network (GAN) + deep Boltzmann machine + Bi-LSTM | CSIC 2010v2 | The concatenated SAE and DAE outputs are fed into a GAN for feature representation; the deep Boltzmann machine identifies attacks; Bi-LSTM identifies the different attack types | Web attack | Prec: 98.78, Rcll: 98.78, F1: 98.78 |
| Thajeel et al. [51] | ML, deep learning | Frequently used datasets | Literature review of ML and deep learning methodologies and advancements | XSS attacks | N/A |
| Rizvi et al. [52] | Dilated CNN | CSE-CIC-IDS2018, CIC-IDS2017 | Manual feature selection is applied | Intrusion detection | Acc: 99.98 |

DRN: the percentage of all normal requests that are classified as normal; MSE: mean square error; MAD: mean absolute deviation; PMAD: percent mean absolute deviation; MAPE: mean absolute percentage error. Acc, Prec, Rcll, F1, and FPR: accuracy, precision, recall, F1 score, and false-positive rate, respectively. The overall performance on the respective datasets is given. For studies evaluated on multiple datasets, the reported performance corresponds to the dataset shown in bold.
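The metrics abbreviated above all derive from the binary confusion matrix. A minimal sketch of their definitions (function and variable names are illustrative, not from any of the cited studies):

```python
def classification_metrics(tp, fp, tn, fn):
    """Compute the Table 1 metrics from confusion-matrix counts.

    tp/fp/tn/fn: true positives, false positives, true negatives,
    false negatives, where "positive" means a request flagged as an attack.
    Acc, Prec, Rcll, F1, and DRN are returned as percentages; FPR as a rate.
    """
    acc = (tp + tn) / (tp + fp + tn + fn)
    prec = tp / (tp + fp)
    rcll = tp / (tp + fn)                 # recall / detection rate
    f1 = 2 * prec * rcll / (prec + rcll)  # harmonic mean of Prec and Rcll
    fpr = fp / (fp + tn)                  # false-positive rate
    drn = tn / (tn + fp)                  # normal requests classified as normal
    return {"Acc": 100 * acc, "Prec": 100 * prec, "Rcll": 100 * rcll,
            "F1": 100 * f1, "FPR": fpr, "DRN": 100 * drn}
```

Note that DRN, as defined in the table footnote, is simply the true-negative rate (specificity), i.e. the complement of FPR.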
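Several of the surveyed models [3, 19, 44–47] feed raw HTTP request strings into CNNs via character-level embedding. A minimal sketch of that encoding step, with an assumed printable-ASCII alphabet, padding scheme, and sequence length (none of these choices are taken from the cited papers):

```python
# Illustrative character-level encoding for an HTTP request string.
# The alphabet, max_len, and padding index are assumptions for this sketch.
ALPHABET = [chr(c) for c in range(32, 127)]                  # printable ASCII
CHAR_TO_IDX = {ch: i + 1 for i, ch in enumerate(ALPHABET)}   # 0 reserved

def encode_request(request: str, max_len: int = 200) -> list[int]:
    """Map each character to an integer index, truncating/padding to max_len.

    Unknown characters and padding both map to 0 (an assumption of this
    sketch). The resulting index sequence is what an embedding layer in a
    character-level CNN would consume.
    """
    idx = [CHAR_TO_IDX.get(ch, 0) for ch in request[:max_len]]
    return idx + [0] * (max_len - len(idx))

# Example: a hypothetical request line from a SQL-injection attempt
seq = encode_request("GET /login?user=admin'--")
```

The appeal of this representation, reflected in the table above, is that it requires no manual feature engineering: suspicious character patterns (quotes, comment markers, encoded payloads) are learned directly by the convolutional filters.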