Web Based Anomaly Detection using Zero-Shot Learning with CNN

Creative Commons License

Demirel D. Y., Sandıkkaya M. T.

IEEE Access, vol.11, pp.91511-91525, 2023 (SCI-Expanded) identifier

  • Publication Type: Article / Article
  • Volume: 11
  • Publication Date: 2023
  • Doi Number: 10.1109/access.2023.3303845
  • Journal Name: IEEE Access
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Page Numbers: pp.91511-91525
  • Keywords: anomaly detection, attack detection, CNN, web attacks, Zero-shot learning
  • Istanbul Technical University Affiliated: Yes


In recent years, cyberattacks have become a persistent threat, especially for websites. Therefore, web application security has become a significant issue in all industries under the evolution of intelligent devices and services. Dealing with imbalanced data is the biggest obstacle to providing security for web applications because there are less harmful data despite a large number of innocuous web request data. This paper suggests a novel Zero-Shot Learning method employing a Convolutional Neural Network to address unbalanced data and high false positive rates (ZSL-CNN). This approach uses only benign data during the training step, while it predicts unseen malicious requests. Three different web request datasets are utilized for comprehensive results. The first dataset is a novel dataset containing internet banking web request logs provided by Yapı Kredi Teknoloji. Other datasets are the open-source WAF dataset and the HTTP dataset CSIC 2010. After performing the code embedding process, the URI part obtained from these datasets is given as input to the ZSL-CNN model. The outcomes are then contrasted with those obtained using several methods, including as Isolation Forest, Autoencoder, Denoising Autoencoder with Dropout, and One-Class SVM. After being tested on the datasets mentioned above, experimental results demonstrate that the true positive rate of this model is better than those of other methods, reaching 99.29 %, respectively.