LSTM Neural Networks for Detecting Anomalies Caused by Web Application Cyber Attacks

Detecting anomalies in the traffic of computer networks is an important step in protecting and countering various types of cyber attacks. Among the many methods and approaches for detecting anomalies in network traffic, the most popular are machine learning methods that allow one to achieve high accuracy with minimal errors. One of the ways to improve the efficiency of anomaly detection using machine learning is the use of artificial neural networks of complex architecture, in particular, networks with long short-term memory (LSTM), which have demonstrated high efficiency in many areas. The paper is devoted to the study of the capabilities of LSTM neural networks for detecting network anomalies. It proposes using LSTM neural networks to detect network anomalies caused by cyber attacks to bypass Web Application Firewall vulnerabilities that are very difficult to detect by other means. For this purpose, it is proposed to use LSTM in conjunction with an autoencoder. The issues of software implementation of the proposed approach are considered. The experimental results obtained using the generated dataset confirmed the high efficiency of the developed approach. Experiments have shown that the proposed approach allows detecting cyber attacks in real or near real time.

Evaluation of Pre-Earthquake Anomalies of Borehole Strain Network by Using Receiver Operating Characteristic Curve

In order to monitor temporal and spatial crustal activities associated with earthquakes, ground- and satellite-based monitoring systems have been installed in China since the 1990s. In recent years, the correlation between monitoring strain anomalies and local major earthquakes has been verified. In this study, we further evaluate the possibility of strain anomalies containing earthquake precursors by using Receiver Operating Characteristic (ROC) prediction. First, strain network anomalies were extracted in the borehole strain data recorded in Western China during 2010–2017. Then, we proposed a new prediction strategy characterized by the number of network anomalies in an anomaly window, Nano, and the length of alarm window, Talm. We assumed that clusters of network anomalies indicate a probability increase of an impending earthquake, and consequently, the alarm window would be the duration during which a possible earthquake would occur. The Area Under the ROC Curve (AUC) between true predicted rate, tpr, and false alarm rate, fpr, is measured to evaluate the efficiency of the prediction strategies. We found that the optimal strategy of short-term forecasts was established by setting the number of anomalies greater than 7 within 14 days and the alarm window at one day. The results further show the prediction strategy performs significantly better when there are frequent enhanced network anomalies prior to the larger earthquakes surrounding the strain network region. The ROC detection indicates that strain data possibly contain the precursory information associated with major earthquakes and highlights the potential for short-term earthquake forecasting.