LogBERT-BiLSTM: Detecting Malicious Web Requests

The digitalization of society potentialized services provided through the Internet, such as information sharing, entertainment, and education. With the rise of end-user services, we also verify the growth of attacks. Unfortunately, most defensive techniques of Web Intrusion Systems cannot deal with the complexity of cyber attacks on HTTP requests. Nevertheless, machine learning approaches are now a promising tool in different areas that can help to detect known and unknown attacks on day zero. We propose a new approach to detect possible attacks on HTTP requests based on machine learning. The new model LogBERTB-iLSTM uses BERT and Bidirectional LSTMs to detect anomalies in data. Experiments compared the proposed approach with literature models on CSIC 2010 and ECML/PKDD 2007 datasets. In addition, we created a new dataset of HTTP requests to evaluate the model performance. The proposed model obtained detection rates consistently above 95% of accuracy on the evaluated datasets.