Anomaly Detection on Web-User Behaviors through Deep Learning

Publication Date: 10/23/2020

Event: 16th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2020)

Reference: 1-6, 2020

Authors: Jiaping Gui, NEC Laboratories America, Inc.; Zhengzhang Chen, NEC Laboratories America, Inc.; Xiao Yu, NEC Laboratories America, Inc.; Cristian Lumezanu, NEC Laboratories America, Inc.; Haifeng Chen, NEC Laboratories America, Inc.

Abstract: The modern Internet has witnessed the proliferation of web applications that play a crucial role in the branding process among enterprises. Web applications provide a communication channel between potential customers and business products. However, web applications are also targeted by attackers due to sensitive information stored in these applications. Among web-related attacks, there exists a rising but more stealthy attack where attackers first access a web application on behalf of normal users based on stolen credentials. Then attackers follow a sequence of sophisticated steps to achieve the malicious purpose. Traditional security solutions fail to detect relevant abnormal behaviors once attackers login to the web application. To address this problem, we propose WebLearner, a novel system to detect abnormal web-user behaviors. As we demonstrate in the evaluation, WebLearner has an outstanding performance. In particular, it can effectively detect abnormal user behaviors with over 96% for both precision and recall rates using a reasonably small amount of normal training data.

Publication Link: https://link.springer.com/chapter/10.1007/978-3-030-63086-7_25